On Thu, 15 Feb 2001 15:45:30 +0100 Lele Gaifax <lele@xxxxxxxxxx> wrote:

> Feb 15 15:42:10 paci kernel: Packet log: input DENY ippp0 PROTO=6
> 195.120.220.2:65535 212.104.18.245:65535 L=68 S=0x00 I=31560 F=0x00B3
> T=55 (#50)
>
> The one requesting the connection is my POP mail... But I can't work out
> which rule is blocking the attempt...

Number 50 of the input chain, as you can see for yourself from this excerpt from the ipchains HOWTO:

The kernel logs this information looking like:

Packet log: input DENY eth0 PROTO=17 192.168.2.1:53 192.168.1.1:1025 L=34 S=0x00 I=18 F=0x0000 T=254

This log message is designed to be terse, and contain technical information useful only to networking gurus, but it can be useful to the rest of us. It breaks down like so:

1. `input' is the chain which contained the rule which matched the packet, causing the log message.
2. `DENY' is what the rule said to do to the packet. If this is `-' then the rule didn't affect the packet at all (an accounting rule).
3. `eth0' is the interface name. Because this was the input chain, it means that the packet came in `eth0'.
4. `PROTO=17' means that the packet was protocol 17. A list of protocol numbers is given in `/etc/protocols'. The most common are 1 (ICMP), 6 (TCP) and 17 (UDP).
5. `192.168.2.1' means that the packet's source IP address was 192.168.2.1.
6. `:53' means that the source port was port 53. Looking in `/etc/services' shows that this is the `domain' port (i.e. this is probably a DNS reply). For UDP and TCP, this number is the source port. For ICMP, it's the ICMP type. For others, it will be 65535.
7. `192.168.1.1' is the destination IP address.
8. `:1025' means that the destination port was 1025. For UDP and TCP, this number is the destination port. For ICMP, it's the ICMP code. For others, it will be 65535.
9. `L=34' means that the packet was a total of 34 bytes long.
10. `S=0x00' means the Type of Service field (divide by 4 to get the Type of Service as used by ipchains).
11. `I=18' is the IP ID.
12. `F=0x0000' is the 16-bit fragment offset plus flags. A value starting with `0x4' or `0x5' means that the Don't Fragment bit is set. `0x2' or `0x3' means the `More Fragments' bit is set; expect more fragments after this. The rest of the number is the offset of this fragment, divided by 8.
13. `T=254' is the Time To Live of the packet. One is subtracted from this value for every hop, and it usually starts at 15 or 255.
14. `(#5)' there may be a final number in brackets on more recent kernels (perhaps after 2.2.9). This is the rule number which caused the packet log.

The note that applies to your case is precisely number 14.

You can find the complete HOWTO in /usr/share/doc/netbase/ipchains-HOWTO.txt.gz

Bye,
azazel

--
To subscribe (or unsubscribe), just send a message with the SUBJECT "subscribe" (or "unsubscribe") to mailto:linuxtrent-request@xxxxxxxxxxxxxxxxx
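An added example, not part of the original message or of the HOWTO: a small Python parser that decodes a `Packet log:` line following the field breakdown quoted above, including the F flags and offset and the optional rule number. The function, constant and key names are assumptions chosen for illustration; the two sample lines are the ones from the message.

```python
import re

# Field order follows the ipchains HOWTO breakdown quoted in the message.
LOG_RE = re.compile(
    r"Packet log:\s+(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+"
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+)\s+S=(?P<tos>0x[0-9A-Fa-f]+)\s+I=(?P<ip_id>\d+)\s+"
    r"F=(?P<frag>0x[0-9A-Fa-f]+)\s+T=(?P<ttl>\d+)"
    r"(?:\s+\(#(?P<rule>\d+)\))?"
)
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# The two log lines from the message (the first joined onto one line).
SAMPLE_THREAD = ("Feb 15 15:42:10 paci kernel: Packet log: input DENY ippp0 "
                 "PROTO=6 195.120.220.2:65535 212.104.18.245:65535 L=68 "
                 "S=0x00 I=31560 F=0x00B3 T=55 (#50)")
SAMPLE_HOWTO = ("Packet log: input DENY eth0 PROTO=17 192.168.2.1:53 "
                "192.168.1.1:1025 L=34 S=0x00 I=18 F=0x0000 T=254")


def parse_packet_log(line):
    """Decode one ipchains packet-log line; None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        f[key] = int(f[key])
    f["proto_name"] = PROTO_NAMES.get(f["proto"], str(f["proto"]))
    f["tos"] = int(f["tos"], 16)
    frag = int(f.pop("frag"), 16)
    f["dont_fragment"] = bool(frag & 0x4000)    # F starts with 0x4 or 0x5
    f["more_fragments"] = bool(frag & 0x2000)   # F starts with 0x2 or 0x3
    f["frag_offset_bytes"] = (frag & 0x1FFF) * 8  # logged offset is bytes / 8
    if f["proto"] == 1:  # for ICMP the "port" slots carry type and code
        f["icmp_type"], f["icmp_code"] = f["sport"], f["dport"]
    # The "(#N)" rule number is absent on older kernels.
    f["rule"] = int(f["rule"]) if f["rule"] is not None else None
    return f


if __name__ == "__main__":
    for sample in (SAMPLE_THREAD, SAMPLE_HOWTO):
        p = parse_packet_log(sample)
        print(p["chain"], p["action"], p["proto_name"],
              "rule", p["rule"], "frag offset", p["frag_offset_bytes"])
```

For the line in the message this reports rule 50 of the input chain and a fragment offset of 1432 bytes (0xB3 times 8), with neither fragment flag set.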