Linuxtrent: Re: Regole firewall

  • From: aZaZel <azazel@xxxxxxxxxxxxxx>
  • To: linuxtrent@xxxxxxxxxxxxxxxxx
  • Date: Thu, 15 Feb 2001 19:56:59 +0100

On Thu, 15 Feb 2001 15:45:30 +0100
Lele Gaifax <lele@xxxxxxxxxx> wrote:


> Feb 15 15:42:10 paci kernel: Packet log: input DENY ippp0 PROTO=6
> 195.120.220.2:65535 212.104.18.245:65535 L=68 S=0x00 I=31560 F=0x00B3
> T=55 (#50)
> 
> The one requesting the connection is my POP mail... But I don't understand
> which rule blocks the attempt...

Number 50 of the input chain, as you can see for yourself from this excerpt
from the ipchains HOWTO:

The kernel logs this information looking like:

       Packet log: input DENY eth0 PROTO=17 192.168.2.1:53 192.168.1.1:1025 L=34 S=0x00 I=18 F=0x0000 T=254

  This log message is designed to be terse, and contain technical
  information useful only to networking gurus, but it can be useful to
  the rest of us.  It breaks down like so:


  1. `input' is the chain which contained the rule which matched the
     packet, causing the log message.

  2. `DENY' is what the rule said to do to the packet.  If this is `-'
     then the rule didn't affect the packet at all (an accounting rule).

  3. `eth0' is the interface name.  Because this was the input chain, it
     means that the packet came in `eth0'.

  4. `PROTO=17' means that the packet was protocol 17.  A list of
     protocol numbers is given in `/etc/protocols'.  The most common are
     1 (ICMP), 6 (TCP) and 17 (UDP).

  5. `192.168.2.1' means that the packet's source IP address was
     192.168.2.1.

  6. `:53' means that the source port was port 53.  Looking in
     `/etc/services' shows that this is the `domain' port (i.e. this is
     probably a DNS reply).  For UDP and TCP, this number is the source
     port.  For ICMP, it's the ICMP type.  For others, it will be 65535.

  7. `192.168.1.1' is the destination IP address.

  8. `:1025' means that the destination port was 1025.  For UDP and TCP,
     this number is the destination port.  For ICMP, it's the ICMP code.
     For others, it will be 65535.

  9. `L=34' means that packet was a total of 34 bytes long.

  10. `S=0x00' means the Type of Service field (divide by 4 to get the
      Type of Service as used by ipchains).

  11. `I=18' is the IP ID.

  12. `F=0x0000' is the 16-bit fragment offset plus flags.  A value
      starting with `0x4' or `0x5' means that the Don't Fragment bit is
      set.  `0x2' or `0x3' means the `More Fragments' bit is set; expect
      more fragments after this.  The rest of the number is the offset of
      this fragment, divided by 8.

  13. `T=254' is the Time To Live of the packet.  One is subtracted from
      this value for every hop, and it usually starts at 15 or 255.

  14. `(#5)' there may be a final number in brackets on more recent
      kernels (perhaps after 2.2.9).  This is the rule number which
      caused the packet log.


The note that applies to your case is precisely number 14.

You'll find the complete HOWTO in /usr/share/doc/netbase/ipchains-HOWTO.txt.gz


ciao 

azazel





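An added example, not part of the original thread or of the ipchains HOWTO: a small parser that decodes a `Packet log:` line field by field according to the 14-point breakdown quoted above, run over the line from Lele's message and the HOWTO's own sample line. The bit positions used to decode `F=` (Don't Fragment in the `0x4` nibble, More Fragments in the `0x2` nibble, offset in the low 13 bits, times 8) follow the HOWTO text; `PROTO_NAMES` covers only the three numbers the excerpt names.

```python
import re
# Protocol numbers the HOWTO excerpt names; /etc/protocols lists the rest.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
# One group per field of the "Packet log:" line, following the 14-point breakdown.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)

def parse_packet_log(line):
    # Decode one ipchains kernel log line into a dict; None if it is not one.
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto = int(m["proto"])
    frag = int(m["frag"], 16)            # 16 bits: flags on top, 13-bit offset below
    rec = {
        "chain": m["chain"],
        "action": m["action"],           # "-" would mean an accounting rule
        "iface": m["iface"],
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "src": m["src"], "dst": m["dst"],
        "length": int(m["len"]),
        "tos": int(m["tos"], 16) // 4,   # TOS as ipchains itself expresses it
        "ip_id": int(m["ipid"]),
        "dont_fragment": bool(frag & 0x4000),   # F= starting with 0x4 / 0x5
        "more_fragments": bool(frag & 0x2000),  # F= starting with 0x2 / 0x3
        "frag_offset": (frag & 0x1FFF) * 8,     # logged in 8-byte units
        "ttl": int(m["ttl"]),
        "rule": int(m["rule"]) if m["rule"] else None,  # the (#N) suffix
    }
    # The two port fields change meaning with the protocol (points 6 and 8).
    sport, dport = int(m["sport"]), int(m["dport"])
    if proto == 1:
        rec["icmp_type"], rec["icmp_code"] = sport, dport
    elif proto in (6, 17):
        rec["sport"], rec["dport"] = sport, dport
    return rec

# Constructed input: the line from Lele's message plus the HOWTO's own sample.
SAMPLE_LINES = [
    "Feb 15 15:42:10 paci kernel: Packet log: input DENY ippp0 PROTO=6 "
    "195.120.220.2:65535 212.104.18.245:65535 L=68 S=0x00 I=31560 F=0x00B3 T=55 (#50)",
    "Packet log: input DENY eth0 PROTO=17 192.168.2.1:53 192.168.1.1:1025 "
    "L=34 S=0x00 I=18 F=0x0000 T=254",
]
if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_packet_log(line))
```

On Lele's line the decoder reports rule 50 and a fragment offset of 1432 bytes with neither flag bit set, i.e. the denied packet was a non-first fragment of a TCP datagram.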