Сегодня настраивал IPFW и в логах постоянно вываливаются сообщения типа:
Deny P:47 x.x.x.x x.x.x.x out via em1
Deny ICMP:5.1 x.x.x.x x.x.x.x in via em1
Deny P:2 x.x.x.x 224.0.0.22 in via ng0
Я понимаю, что всё и так понятно, когда долго имеешь дело с операционной системой, но постоянно появляется что-то новое и приходится заново искать справочную информацию о типе пакета - пропускать его или нет.
Итак, представляю список обозначений протоколов в логе IPFW, который можно просмотреть в файле /var/log/security. Этот же список можно посмотреть в самой операционной системе в файле /etc/protocol
| Название протокола | № | Обозначение в /var/log/security |
Описание протокола |
| ip | 0 | IP | # internet protocol, pseudo protocol number |
| #hopopt | 0 | HOPOPT | # hop-by-hop options for ipv6 |
| icmp | 1 | ICMP | # internet control message protocol |
| igmp | 2 | IGMP | # internet group management protocol |
| ggp | 3 | GGP | # gateway-gateway protocol |
| ipencap | 4 | IP-ENCAP | # IP encapsulated in IP (officially ``IP'') |
| st2 | 5 | ST2 | # ST2 datagram mode (RFC 1819) (officially ``ST'') |
| tcp | 6 | TCP | # transmission control protocol |
| cbt | 7 | CBT | # CBT, Tony Ballardie <A.Ballardie@cs.ucl.ac.uk> |
| egp | 8 | EGP | # exterior gateway protoco |
| igp | 9 | IGP | # any private interior gateway (Cisco: for IGRP) |
| bbn-rcc | 10 | BBN-RCC-MON | # BBN RCC Monitoring |
| nvp | 11 | NVP-II | # Network Voice Protocol |
| pup | 12 | PUP | # PARC universal packet protocol |
| argus | 13 | ARGUS | # ARGUS |
| emcon | 14 | EMCON | # EMCON |
| xnet | 15 | XNET | # Cross Net Debugger |
| chaos | 16 | CHAOS | # Chaos |
| udp | 17 | UDP | # user datagram protocol |
| mux | 18 | MUX | # Multiplexing protocol |
| dcn | 19 | DCN-MEAS | # DCN Measurement Subsystems |
| hmp | 20 | HMP | # host monitoring protocol |
| prm | 21 | PRM | # packet radio measurement protocol |
| xns-idp | 22 | XNS-IDP | # Xerox NS IDP |
| trunk-1 | 23 | TRUNK-1 | # Trunk-1 |
| trunk-2 | 24 | TRUNK-2 | # Trunk-2 |
| leaf-1 | 25 | LEAF-1 | # Leaf-1 |
| leaf-2 | 26 | LEAF-2 | # Leaf-2 |
| rdp | 27 | RDP | # "reliable datagram" protocol |
| irtp | 28 | IRTP | # Internet Reliable Transaction Protocol |
| iso-tp4 | 29 | ISO-TP4 | # ISO Transport Protocol Class 4 |
| netblt | 30 | NETBLT | # Bulk Data Transfer Protocol |
| mfe-nsp | 31 | MFE-NSP | # MFE Network Services Protocol |
| merit-inp | 32 | MERIT-INP | #MERIT Internodal Protocol |
| dccp | 33 | DCCP | # Datagram Congestion Control Protocol |
| 3pc | 34 | 3PC | # Third Party Connect Protocol |
| idpr | 35 | IDPR | # Inter-Domain Policy Routing Protocol |
| xtp | 36 | XTP | # Xpress Tranfer Protocol |
| ddp | 37 | DDP | # Datagram Delivery Protocol |
| idpr-cmtp | 38 | IDPR-CMTP | # IDPR Control Message Transport Proto |
| tp++ | 39 | TP++ | # TP++ Transport Protocol |
| il | 40 | IL | # IL Transport Protocol |
| ipv6 | 41 | IPV6 | # ipv6 |
| sdrp | 42 | SDRP | # Source Demand Routing Protocol |
| ipv6-route | 43 | IPV6-ROUTE | # routing header for ipv6 |
| ipv6-frag | 44 | IPV6-FRAG | # fragment header for ipv6 |
| idrp | 45 | IDRP | # Inter-Domain Routing Protocol |
| rsvp | 46 | RSVP | # Resource ReSerVation Protocol |
| gre | 47 | GRE | # Generic Routing Encapsulation |
| dsr | 48 | DSR | # Dynamic Source Routing Protocol |
| bna | 49 | BNA | # BNA |
| esp | 50 | ESP | # encapsulating security payload |
| ah | 51 | AH | # authentication header |
| i-nlsp | 52 | I-NLSP | # Integrated Net Layer Security TUBA |
| swipe | 53 | SWIPE | # IP with Encryption |
| narp | 54 | NARP | # NBMA Address Resolution Protocol |
| mobile | 55 | MOBILE | # IP Mobility |
| tlsp | 56 | TLSP | # Transport Layer Security Protocol |
| skip | 57 | SKIP | # SKIP |
| ipv6-icmp | 58 | IPV6-ICMP icmp6 | # ICMP for IPv6 |
| ipv6-nonxt | 59 | IPV6-NONXT | # no next header for ipv6 |
| ipv6-opts | 60 | IPV6-OPTS | # destination options for ipv6 |
| # | 61 | # any host internal protocol | |
| cftp | 62 | CFTP | # CFTP |
| # | 63 | # any local network | |
| sat-expak | 64 | SAT-EXPAK | # SATNET and Backroom EXPAK |
| kryptolan | 65 | KRYPTOLAN | # Kryptolan |
| rvd | 66 | RVD | # MIT Remote Virtual Disk Protocol |
| ippc | 67 | IPPC | # Internet Pluribus Packet Core |
| # | 68 | # any distributed filesystem | |
| sat-mon | 69 | SAT-MON | # SATNET Monitoring |
| visa | 70 | VISA | # VISA Protocol |
| ipcv | 71 | IPCV | # Internet Packet Core Utility |
| cpnx | 72 | CPNX | # Computer Protocol Network Executive |
| cphb | 73 | CPHB | # Computer Protocol Heart Beat |
| wsn | 74 | WSN | # Wang Span Network |
| pvp | 75 | PVP | # Packet Video Protocol |
| br-sat-mon | 76 | BR-SAT-MON | # Backroom SATNET Monitoring |
| sun-nd | 77 | SUN-ND | # SUN ND PROTOCOL-Temporary |
| wb-mon | 78 | WB-MON | # WIDEBAND Monitoring |
| wb-expak | 79 | WB-EXPAK | # WIDEBAND EXPAK |
| iso-ip | 80 | ISO-IP | # ISO Internet Protocol |
| vmtp | 81 | VMTP | # Versatile Message Transport |
| secure-vmtp | 82 | SECURE-VMTP | # SECURE-VMTP |
| vines | 83 | VINES | # VINES |
| ttp | 84 | TTP | # TTP |
| nsfnet-igp | 85 | NSFNET-IGP | # NSFNET-IGP |
| dgp | 86 | DGP | # Dissimilar Gateway Protocol |
| tcf | 87 | TCF | # TCF |
| eigrp | 88 | EIGRP | # Enhanced Interior Routing Protocol (Cisco) |
| ospf | 89 | OSPFIGP | # Open Shortest Path First IGP |
| sprite-rpc | 90 | Sprite-RPC | # Sprite RPC Protocol |
| larp | 91 | LARP | # Locus Address Resolution Protocol |
| mtp | 92 | MTP | # Multicast Transport Protocol |
| ax.25 | 93 | AX.25 | # AX.25 Frames |
| ipip | 94 | IPIP | # Yet Another IP encapsulation |
| micp | 95 | MICP | # Mobile Internetworking Control Pro |
| scc-sp | 96 | SCC-SP | # Semaphore Communications Sec. Pro. |
| etherip | 97 | ETHERIP | # Ethernet-within-IP Encapsulation |
| encap | 98 | ENCAP | # Yet Another IP encapsulation |
| # | 99 | # any private encryption scheme | |
| gmtp | 100 | GMTP | # GMTP |
| ifmp | 101 | IFMP | # Ipsilon Flow Management Protocol |
| pnni | 102 | PNNI | # PNNI over IP |
| pim | 103 | PIM | # Protocol Independent Multicast |
| aris | 104 | ARIS | # ARIS |
| scps | 105 | SCPS | # SCPS |
| qnx | 106 | QNX | # QNX |
| a/n | 107 | A/N | # Active Networks |
| ipcomp | 108 | IPComp | # IP Payload Compression Protocol |
| snp | 109 | SNP | # Sitara Networks Protocol |
| compaq-peer | 110 | Compaq-Peer | # Compaq Peer Protocol |
| ipx-in-ip | 111 | IPX-in-IP | # IPX in IP |
| carp | 112 | CARP vrrp | # Common Address Redundancy Protocol |
| pgm | 113 | PGM | # PGM Reliable Transport Protocol |
| # | 114 | # any 0-hop protocol | |
| l2tp | 115 | L2TP | # Layer Two Tunneling Protocol |
| ddx | 116 | DDX | # D-II Data Exchange |
| iatp | 117 | IATP | # Interactive Agent Transfer Protocol |
| stp | 118 | STP | # Schedule Transfer Protocol |
| srp | 119 | SRP | # SpectraLink Radio Protocol |
| uti | 120 | UTI | # UTI |
| smp | 121 | SMP | # Simple Message Protocol |
| sm | 122 | SM | # SM |
| ptp | 123 | PTP | # Performance Transparency Protocol |
| isis | 124 | ISIS | # ISIS over IPv4 |
| fire | 125 | FIRE | |
| crtp | 126 | CRTP | # Combat Radio Transport Protocol |
| crudp | 127 | CRUDP | # Combat Radio User Datagram |
| sscopmce | 128 | SSCOPMCE | |
| iplt | 129 | IPLT | |
| sps | 130 | SPS | # Secure Packet Shield |
| pipe | 131 | PIPE | # Private IP Encapsulation within IP |
| sctp | 132 | SCTP | # Stream Control Transmission Protocol |
| fc | 133 | FC | # Fibre Channel |
| rsvp-e2e-ignore | 134 | RSVP-E2E-IGNORE | # Aggregation of RSVP for IP reservations |
| mobility-header | 135 | Mobility-Header | # Mobility Support in IPv6 |
| udplite | 136 | UDPLite | # The UDP-Lite Protocol |
| mpls-in-ip | 137 | MPLS-IN-IP | # Encapsulating MPLS in IP |
| # | 138-254 | # Unassigned | |
| pfsync | 240 | PFSYNC | # PF Synchronization |
| # | 255 | # Reserved | |
| divert | 258 | DIVERT | # Divert pseudo-protocol [non IANA] |
Ссылки:
К содержанию