How to filter this packet using iptables?

montyleesam · 05-12-2007, 10:43 AM

Hello, all.

I can filter some protocol packet like below using iptables.

# iptables -A INPUT -p x

But how can I filter like (proto 0) below?
proto 0 means protocol 0?

I can find protocol 0 information at
http://www.iana.org/assignments/protocol-numbers

11.34.254.146 -> xx.xx.xx.xx [proto 0]
........WinSock 2.0.....LG@. B..Y..|............#...............

24.57.19.22 -> xx.xx.xx.xx [proto 0]
........WinSock 2.0.....LG@.....Y..|............#...............

# iptables -A INPUT -p 0 -j DROP

When I execute like above, protocol 0 means all protocol.

# iptables -L INPUT -n
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Thanks for your time....

gloomy · 05-12-2007, 12:22 PM

From man iptables:

Quote:

The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one. A protocol name from /etc/protocols is also allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted.
s omitted.

The IP (Internet Protocol), the number 0, is not really a protocol but the basic layer for IPv4 and IPv6 located at network layer, instead of the transport layer in which such common protocol as TCP and UDP are located. Please see /etc/protocols as reference instead of IANA, since that is what the operating system and most programs understands.

I have no information where the log file is coming from and to what the protocol in that refers, but the "WinSock 2.0" is the standard Windows Sockets API that itself reaches the TCP/IP protocol suite, and if you filter protocol 0, you basically filter every single packet and segment.