firewall log interpretation

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
roland90
DD-WRT User


Joined: 22 Oct 2015
Posts: 123
PostPosted: Sat Nov 27, 2021 2:59    Post subject: firewall log interpretation Reply with quote
I have some interesting lines in firewall log that I don't understand.
Code:
May  6 15:10:23 DD-WRT kern.warn kernel: [505838.591563] DROP IN=ppp0 OUT= MAC= SRC=1.1.1.1 DST=7.7.7.7 LEN=578 TOS=0x00 PREC=0x00 TTL=52 ID=57853 DF PROTO=47

May 10 05:05:31 DD-WRT kern.warn kernel: [815451.315469] DROP IN=ppp0 OUT= MAC= SRC=2.2.2.2 DST=7.7.7.7 LEN=56 TOS=0x00 PREC=0x00 TTL=109 ID=0 PROTO=ICMP TYPE=3 CODE=3 [SRC=7.7.7.7 DST=2.2.2.2 LEN=128 TOS=0x00 PREC=0x60 TTL=240 ID=31383 PROTO=UD

May 14 18:29:21 DD-WRT kern.warn kernel: [1209666.230900] DROP IN=ppp0 OUT= MAC= SRC=3.3.3.3 DST=4.4.4.4 LEN=168 TOS=0x00 PREC=0x00 TTL=237 ID=0 DF PROTO=ICMP TYPE=11 CODE=0 [SRC=4.4.4.4 DST=9.9.9.9 LEN=35 TOS=0x00 PREC=0x00 TTL=1 ID=24060 PROTO=U
 
Aug 12 16:18:49 DD-WRT kern.warn kernel: [987511.468384] DROP IN=ppp0 OUT= MAC= SRC=5.5.5.5 DST=6.6.6.6 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=48123 PROTO=0


So far I thought PROTO could be only TCP, UDP or ICMP
What is PROTO=47, U, UD, 0?
Why PROTO can be sometimes found twice within one line?
Back to top View user's profile Send private message
Sponsor
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs
PostPosted: Sat Nov 27, 2021 15:44    Post subject: Reply with quote
@roland90 Hi.

I suggest you read manual pages on iptables

Other related reading to start

https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
https://en.wikipedia.org/wiki/IP_routing
https://en.wikipedia.org/wiki/Category:Transport_layer_protocols
https://en.wikipedia.org/wiki/Point-to-Point_Protocol

And likely others are linked from those two that will explains half of your questions.

I'm sorry that my answer isn't the butter on bread ready to eat you were likely expecting.

Im also sure others will chime in in the meanwhile.

Have a nice weekend. =)
_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
Back to top View user's profile Send private message Visit poster's website
roland90
DD-WRT User


Joined: 22 Oct 2015
Posts: 123
PostPosted: Sat Nov 27, 2021 21:33    Post subject: Reply with quote
Thanks I will read it.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum