LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-12-2007, 11:43 AM   #1
montyleesam
LQ Newbie
 
Registered: Nov 2006
Posts: 21

Rep: Reputation: 15
How to filter this packet using iptables?


Hello, all.

I can filter some protocol packet like below using iptables.

# iptables -A INPUT -p x

But how can I filter like (proto 0) below?
proto 0 means protocol 0?

I can find protocol 0 information at
http://www.iana.org/assignments/protocol-numbers


11.34.254.146 -> xx.xx.xx.xx [proto 0]
........WinSock 2.0.....LG@. B..Y..|............#...............

24.57.19.22 -> xx.xx.xx.xx [proto 0]
........WinSock 2.0.....LG@.....Y..|............#...............

# iptables -A INPUT -p 0 -j DROP

When I execute like above, protocol 0 means all protocol.

# iptables -L INPUT -n
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0




Thanks for your time....
 
Old 05-12-2007, 01:22 PM   #2
gloomy
Member
 
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119

Rep: Reputation: 15
From man iptables:

Quote:
The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one. A protocol name from /etc/protocols is also allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted.
s omitted.
The IP (Internet Protocol), the number 0, is not really a protocol but the basic layer for IPv4 and IPv6 located at network layer, instead of the transport layer in which such common protocol as TCP and UDP are located. Please see /etc/protocols as reference instead of IANA, since that is what the operating system and most programs understands.

I have no information where the log file is coming from and to what the protocol in that refers, but the "WinSock 2.0" is the standard Windows Sockets API that itself reaches the TCP/IP protocol suite, and if you filter protocol 0, you basically filter every single packet and segment.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
configure Packet filter ! gaunho *BSD 5 09-20-2006 04:58 AM
Packet filter ...help me ! gaunho Linux - Networking 0 09-14-2006 04:36 AM
Packet Filter to redirect a packet to a user level process akawale Linux - Networking 3 09-01-2006 01:06 PM
packet filter firewall naveenpurswani Programming 2 03-29-2004 03:54 PM
IP Packet filter doraiashok Programming 2 02-26-2004 12:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration