* How to filter this packet?
@ 2007-04-20 9:36 ` monty denis
2007-04-23 16:22 ` Nagy Zoltan
0 siblings, 1 reply; 3+ messages in thread
From: monty denis @ 2007-04-20 9:36 UTC (permalink / raw)
To: netfilter
Hello, all.
I can filter some protocol packet like below.
iptables -A INPUT -p x
But how can I filter like (proto 0) below?
proto 0 means protocol 0 ?
I can find protocol 0 information at
http://www.iana.org/assignments/protocol-numbers
11.34.254.146 -> xx.xx.xx.xx [proto 0]
........WinSock 2.0.....LG@.
B..Y..|............#...............
24.57.19.22 -> xx.xx.xx.xx [proto 0]
........WinSock
2.0.....LG@.....Y..|............#...............
# iptables -A INPUT -p 0 -j DROP
When I execute like above, protocol 0 means all
protocol.
# iptables -L INPUT -n
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Thanks for your time....
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: How to filter this packet?
2007-04-20 9:36 ` monty denis
@ 2007-04-23 16:22 ` Nagy Zoltan
2007-04-23 18:23 ` Jan Engelhardt
0 siblings, 1 reply; 3+ messages in thread
From: Nagy Zoltan @ 2007-04-23 16:22 UTC (permalink / raw)
To: monty denis; +Cc: netfilter
monty denis wrote:
> Hello, all.
>
> I can filter some protocol packet like below.
>
> iptables -A INPUT -p x
>
> But how can I filter like (proto 0) below?
> proto 0 means protocol 0 ?
>
> I can find protocol 0 information at
> http://www.iana.org/assignments/protocol-numbers
>
>
> 11.34.254.146 -> xx.xx.xx.xx [proto 0]
> ........WinSock 2.0.....LG@.
hi
you can use: l7,string,u32
string is the simplest and cheapest for this,
but if you place a rule like:
$ipt -m string --from 8 --to 16 --string WinSock
you may have to face false positives.
or you can create a chain and return for all legal protocols, in this
way you can provide a negate for the others, and kick out proto 0 (and
others as well)
or you can go ahead and implement handling of protocol 255 it's reserved
anyway ;)
that way netfilter can use proto 255 for marking any protocol is ok
and use 0 and others as protocol identifiers
eg:
table INPUT
ipt -j PROTONEG
table PROTONEG
ipt -p tcp -j RETURN
ipt -p udp -j RETURN
ipt -p icmp -j RETURN
ipt -j DROP
good luck ;)
kirk
^ permalink raw reply [flat|nested] 3+ messages in thread
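The allowlist chain sketched in the reply above, written out as real iptables commands; this is an added example, not part of the original message. It only prints the commands for review. The function names are hypothetical, and inserting the jump at position 1 is an assumption made because the INPUT listing in the question begins with an ACCEPT all rule.

```shell
#!/bin/sh
# Added example: prints iptables commands, it does not execute them.
# PROTONEG is the chain name used in the reply; function names are hypothetical.

# Print an allowlist chain: RETURN for each named protocol, DROP for the
# rest, which includes packets whose IP protocol field is 0.
protoneg_rules() {
    # An empty allowlist would produce a chain that drops everything.
    [ "$#" -gt 0 ] || { echo "need at least one protocol" >&2; return 1; }
    for proto in "$@"; do
        case "$proto" in
            0|all)
                # iptables treats "-p 0" as "-p all"; a RETURN rule for it
                # would let every packet leave the chain before the DROP.
                echo "refusing '$proto': it matches every protocol" >&2
                return 1 ;;
            ''|*[!a-z0-9-]*)
                # Only plain protocol names or numbers reach the output.
                echo "invalid protocol name: '$proto'" >&2
                return 1 ;;
        esac
    done
    echo "iptables -N PROTONEG"
    for proto in "$@"; do
        echo "iptables -A PROTONEG -p $proto -j RETURN"
    done
    echo "iptables -A PROTONEG -j DROP"
    # Position 1 so the jump is evaluated before an existing ACCEPT all rule.
    echo "iptables -I INPUT 1 -j PROTONEG"
}

# Alternative with the u32 match named in the reply: read the 4 bytes at
# offsets 6-9 of the IP header, keep the last one (offset 9, the protocol
# field) and drop the packet when it is 0.
proto0_u32_rule() {
    echo 'iptables -I INPUT 1 -m u32 --u32 "6&0xFF=0" -j DROP'
}

# Stand-alone run: show both variants for the tcp/udp/icmp allowlist.
protoneg_rules tcp udp icmp
proto0_u32_rule
```

Review the printed commands before running them as root; the allowlist variant also drops every other protocol not named, such as GRE or ESP.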
* Re: How to filter this packet?
2007-04-23 16:22 ` Nagy Zoltan
@ 2007-04-23 18:23 ` Jan Engelhardt
0 siblings, 0 replies; 3+ messages in thread
From: Jan Engelhardt @ 2007-04-23 18:23 UTC (permalink / raw)
To: Nagy Zoltan; +Cc: netfilter
On Apr 23 2007 18:22, Nagy Zoltan wrote:
> monty denis wrote:
>> Hello, all.
>>
>> I can filter some protocol packet like below.
>>
>> iptables -A INPUT -p x
>> But how can I filter like (proto 0) below?
>> proto 0 means protocol 0 ?
>>
>> I can find protocol 0 information at
>> http://www.iana.org/assignments/protocol-numbers
>>
>>
>> 11.34.254.146 -> xx.xx.xx.xx [proto 0]
>> ........WinSock 2.0.....LG@.
according to /etc/protocols, proto 0 is IPv6-HOPBYHOP ...
Jan
--
^ permalink raw reply [flat|nested] 3+ messages in thread