Today I was configuring IPFW, and messages like these keep showing up in the logs:
Deny P:47 x.x.x.x x.x.x.x out via em1
Deny ICMP:5.1 x.x.x.x x.x.x.x in via em1
Deny P:2 x.x.x.x 224.0.0.22 in via ng0
I realize this is all obvious once you have worked with the operating system for a long time, but something new keeps turning up, and each time I have to look up reference information on the packet type again to decide whether to let it through or not.
So here is a list of the protocol designations that appear in the IPFW log, which can be viewed in the file /var/log/security. The same list can be found on the system itself in the file /etc/protocols.
Protocol name | No. | Designation in /var/log/security | Protocol description |
ip | 0 | IP | # internet protocol, pseudo protocol number |
#hopopt | 0 | HOPOPT | # hop-by-hop options for ipv6 |
icmp | 1 | ICMP | # internet control message protocol |
igmp | 2 | IGMP | # internet group management protocol |
ggp | 3 | GGP | # gateway-gateway protocol |
ipencap | 4 | IP-ENCAP | # IP encapsulated in IP (officially ``IP'') |
st2 | 5 | ST2 | # ST2 datagram mode (RFC 1819) (officially ``ST'') |
tcp | 6 | TCP | # transmission control protocol |
cbt | 7 | CBT | # CBT, Tony Ballardie <A.Ballardie@cs.ucl.ac.uk> |
egp | 8 | EGP | # exterior gateway protocol |
igp | 9 | IGP | # any private interior gateway (Cisco: for IGRP) |
bbn-rcc | 10 | BBN-RCC-MON | # BBN RCC Monitoring |
nvp | 11 | NVP-II | # Network Voice Protocol |
pup | 12 | PUP | # PARC universal packet protocol |
argus | 13 | ARGUS | # ARGUS |
emcon | 14 | EMCON | # EMCON |
xnet | 15 | XNET | # Cross Net Debugger |
chaos | 16 | CHAOS | # Chaos |
udp | 17 | UDP | # user datagram protocol |
mux | 18 | MUX | # Multiplexing protocol |
dcn | 19 | DCN-MEAS | # DCN Measurement Subsystems |
hmp | 20 | HMP | # host monitoring protocol |
prm | 21 | PRM | # packet radio measurement protocol |
xns-idp | 22 | XNS-IDP | # Xerox NS IDP |
trunk-1 | 23 | TRUNK-1 | # Trunk-1 |
trunk-2 | 24 | TRUNK-2 | # Trunk-2 |
leaf-1 | 25 | LEAF-1 | # Leaf-1 |
leaf-2 | 26 | LEAF-2 | # Leaf-2 |
rdp | 27 | RDP | # "reliable datagram" protocol |
irtp | 28 | IRTP | # Internet Reliable Transaction Protocol |
iso-tp4 | 29 | ISO-TP4 | # ISO Transport Protocol Class 4 |
netblt | 30 | NETBLT | # Bulk Data Transfer Protocol |
mfe-nsp | 31 | MFE-NSP | # MFE Network Services Protocol |
merit-inp | 32 | MERIT-INP | # MERIT Internodal Protocol |
dccp | 33 | DCCP | # Datagram Congestion Control Protocol |
3pc | 34 | 3PC | # Third Party Connect Protocol |
idpr | 35 | IDPR | # Inter-Domain Policy Routing Protocol |
xtp | 36 | XTP | # Xpress Transfer Protocol |
ddp | 37 | DDP | # Datagram Delivery Protocol |
idpr-cmtp | 38 | IDPR-CMTP | # IDPR Control Message Transport Proto |
tp++ | 39 | TP++ | # TP++ Transport Protocol |
il | 40 | IL | # IL Transport Protocol |
ipv6 | 41 | IPV6 | # ipv6 |
sdrp | 42 | SDRP | # Source Demand Routing Protocol |
ipv6-route | 43 | IPV6-ROUTE | # routing header for ipv6 |
ipv6-frag | 44 | IPV6-FRAG | # fragment header for ipv6 |
idrp | 45 | IDRP | # Inter-Domain Routing Protocol |
rsvp | 46 | RSVP | # Resource ReSerVation Protocol |
gre | 47 | GRE | # Generic Routing Encapsulation |
dsr | 48 | DSR | # Dynamic Source Routing Protocol |
bna | 49 | BNA | # BNA |
esp | 50 | ESP | # encapsulating security payload |
ah | 51 | AH | # authentication header |
i-nlsp | 52 | I-NLSP | # Integrated Net Layer Security TUBA |
swipe | 53 | SWIPE | # IP with Encryption |
narp | 54 | NARP | # NBMA Address Resolution Protocol |
mobile | 55 | MOBILE | # IP Mobility |
tlsp | 56 | TLSP | # Transport Layer Security Protocol |
skip | 57 | SKIP | # SKIP |
ipv6-icmp | 58 | IPV6-ICMP icmp6 | # ICMP for IPv6 |
ipv6-nonxt | 59 | IPV6-NONXT | # no next header for ipv6 |
ipv6-opts | 60 | IPV6-OPTS | # destination options for ipv6 |
# | 61 | | # any host internal protocol |
cftp | 62 | CFTP | # CFTP |
# | 63 | | # any local network |
sat-expak | 64 | SAT-EXPAK | # SATNET and Backroom EXPAK |
kryptolan | 65 | KRYPTOLAN | # Kryptolan |
rvd | 66 | RVD | # MIT Remote Virtual Disk Protocol |
ippc | 67 | IPPC | # Internet Pluribus Packet Core |
# | 68 | | # any distributed filesystem |
sat-mon | 69 | SAT-MON | # SATNET Monitoring |
visa | 70 | VISA | # VISA Protocol |
ipcv | 71 | IPCV | # Internet Packet Core Utility |
cpnx | 72 | CPNX | # Computer Protocol Network Executive |
cphb | 73 | CPHB | # Computer Protocol Heart Beat |
wsn | 74 | WSN | # Wang Span Network |
pvp | 75 | PVP | # Packet Video Protocol |
br-sat-mon | 76 | BR-SAT-MON | # Backroom SATNET Monitoring |
sun-nd | 77 | SUN-ND | # SUN ND PROTOCOL-Temporary |
wb-mon | 78 | WB-MON | # WIDEBAND Monitoring |
wb-expak | 79 | WB-EXPAK | # WIDEBAND EXPAK |
iso-ip | 80 | ISO-IP | # ISO Internet Protocol |
vmtp | 81 | VMTP | # Versatile Message Transport |
secure-vmtp | 82 | SECURE-VMTP | # SECURE-VMTP |
vines | 83 | VINES | # VINES |
ttp | 84 | TTP | # TTP |
nsfnet-igp | 85 | NSFNET-IGP | # NSFNET-IGP |
dgp | 86 | DGP | # Dissimilar Gateway Protocol |
tcf | 87 | TCF | # TCF |
eigrp | 88 | EIGRP | # Enhanced Interior Routing Protocol (Cisco) |
ospf | 89 | OSPFIGP | # Open Shortest Path First IGP |
sprite-rpc | 90 | Sprite-RPC | # Sprite RPC Protocol |
larp | 91 | LARP | # Locus Address Resolution Protocol |
mtp | 92 | MTP | # Multicast Transport Protocol |
ax.25 | 93 | AX.25 | # AX.25 Frames |
ipip | 94 | IPIP | # Yet Another IP encapsulation |
micp | 95 | MICP | # Mobile Internetworking Control Pro |
scc-sp | 96 | SCC-SP | # Semaphore Communications Sec. Pro. |
etherip | 97 | ETHERIP | # Ethernet-within-IP Encapsulation |
encap | 98 | ENCAP | # Yet Another IP encapsulation |
# | 99 | | # any private encryption scheme |
gmtp | 100 | GMTP | # GMTP |
ifmp | 101 | IFMP | # Ipsilon Flow Management Protocol |
pnni | 102 | PNNI | # PNNI over IP |
pim | 103 | PIM | # Protocol Independent Multicast |
aris | 104 | ARIS | # ARIS |
scps | 105 | SCPS | # SCPS |
qnx | 106 | QNX | # QNX |
a/n | 107 | A/N | # Active Networks |
ipcomp | 108 | IPComp | # IP Payload Compression Protocol |
snp | 109 | SNP | # Sitara Networks Protocol |
compaq-peer | 110 | Compaq-Peer | # Compaq Peer Protocol |
ipx-in-ip | 111 | IPX-in-IP | # IPX in IP |
carp | 112 | CARP vrrp | # Common Address Redundancy Protocol |
pgm | 113 | PGM | # PGM Reliable Transport Protocol |
# | 114 | | # any 0-hop protocol |
l2tp | 115 | L2TP | # Layer Two Tunneling Protocol |
ddx | 116 | DDX | # D-II Data Exchange |
iatp | 117 | IATP | # Interactive Agent Transfer Protocol |
stp | 118 | STP | # Schedule Transfer Protocol |
srp | 119 | SRP | # SpectraLink Radio Protocol |
uti | 120 | UTI | # UTI |
smp | 121 | SMP | # Simple Message Protocol |
sm | 122 | SM | # SM |
ptp | 123 | PTP | # Performance Transparency Protocol |
isis | 124 | ISIS | # ISIS over IPv4 |
fire | 125 | FIRE | |
crtp | 126 | CRTP | # Combat Radio Transport Protocol |
crudp | 127 | CRUDP | # Combat Radio User Datagram |
sscopmce | 128 | SSCOPMCE | |
iplt | 129 | IPLT | |
sps | 130 | SPS | # Secure Packet Shield |
pipe | 131 | PIPE | # Private IP Encapsulation within IP |
sctp | 132 | SCTP | # Stream Control Transmission Protocol |
fc | 133 | FC | # Fibre Channel |
rsvp-e2e-ignore | 134 | RSVP-E2E-IGNORE | # Aggregation of RSVP for IP reservations |
mobility-header | 135 | Mobility-Header | # Mobility Support in IPv6 |
udplite | 136 | UDPLite | # The UDP-Lite Protocol |
mpls-in-ip | 137 | MPLS-IN-IP | # Encapsulating MPLS in IP |
# | 138-254 | | # Unassigned |
pfsync | 240 | PFSYNC | # PF Synchronization |
# | 255 | | # Reserved |
divert | 258 | DIVERT | # Divert pseudo-protocol [non IANA] |
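To avoid looking up each number by hand, the `P:<number>` field in a log line can be resolved automatically against a file in /etc/protocols format. The following is an added example, not part of the original post: the function names are hypothetical, and the sample protocol subset and log lines (with documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: annotate ipfw "P:<number>" log fields with protocol names.

# Constructed sample in /etc/protocols format: name, number, alias, comment.
sample_protocols() {
cat <<'EOF'
ip      0   IP      # internet protocol, pseudo protocol number
#hopopt 0   HOPOPT  # hop-by-hop options for ipv6
icmp    1   ICMP    # internet control message protocol
igmp    2   IGMP    # internet group management protocol
tcp     6   TCP     # transmission control protocol
udp     17  UDP     # user datagram protocol
gre     47  GRE     # Generic Routing Encapsulation
EOF
}

# Constructed log lines in the shape shown at the top of the page.
sample_log() {
cat <<'EOF'
Deny P:47 192.0.2.10 198.51.100.7 out via em1
Deny ICMP:5.1 192.0.2.1 192.0.2.10 in via em1
Deny P:2 192.0.2.10 224.0.0.22 in via ng0
Deny P:143 192.0.2.10 198.51.100.7 in via em1
EOF
}

# annotate_ipfw_log PROTOCOLS_FILE   (log lines are read from stdin)
# Rewrites every "P:<n>" field as "P:<n>(<name>)"; numbers missing from
# the protocols file are marked "unknown" so they stand out for review.
annotate_ipfw_log() {
    awk '
        # First input (protocols file): build the number -> name map,
        # dropping comments so commented-out entries are ignored.
        NR == FNR {
            sub(/#.*/, "")
            if (NF >= 2 && $2 ~ /^[0-9]+$/) name[$2] = $1
            next
        }
        # Second input (log): the field is matched wherever it sits in the
        # line, so a syslog prefix in front of it does not matter.
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^P:[0-9]+$/) {
                    n = substr($i, 3)
                    $i = $i "(" ((n in name) ? name[n] : "unknown") ")"
                }
            print
        }
    ' "$1" -
}
```

On a live system the call would be `annotate_ipfw_log /etc/protocols < /var/log/security`. Lines with named protocols such as `ICMP:5.1` pass through unchanged.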