PDA

View Full Version : Block packet

loco
May 25th, 2009, 14:52
I've been receiving some types of packages that have never seen:
21:42:57.332802 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332814 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332821 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332828 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332835 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332843 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332855 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332862 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332870 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332876 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332884 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332896 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332903 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.332910 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.333273 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.333281 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.333289 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
21:42:57.333296 IP 66.x.x.x > 66.x.x.x: ip-proto-255 40
How to block these packets in ipf or ipfw?
DutchDaemon
May 25th, 2009, 15:01
If you have a default block rule and only allow traffic from/to tcp, udp and/or icmp, those protocols are already blocked. For your information, tcp is protocol 6, udp is protocol 17, and icmp is protocol 1. All protocols are covered in /etc/protocols, and for any of those to make it through your firewall, you'd have to allow them explicitly.
loco
May 25th, 2009, 18:11
thanks, now I understand :]