Text only | Text with Images

OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: binaryanomaly on June 30, 2021, 09:40:22 AM

Title: Firewall log proto/protoname to rule protcol mapping [solved]
Post by: binaryanomaly on June 30, 2021, 09:40:22 AM
Hi,

In the live log I see that a connection gets blocked:
Code Select

proto 0
protoname ip


Now I want to create a rule that allows this.
But I have no "ip" only protocol I could select nor a number "0" in the rule creation UI.

How can one translate the protocol mentioned in the log to the ones available for the rules?

Edit: As it does not appear in the logs atm it seems that my guess for IPV6-ICMP may have been right - but how could I determine without guessing?
Title: Re: Firewall log proto/protoname to rule protcol mapping
Post by: binaryanomaly on June 30, 2021, 11:34:28 AM
OK, it seems that

Code Select
proto actually is the "ip protocol number" in the ipx header field (https://en.wikipedia.org/wiki/IPv4#Header (https://en.wikipedia.org/wiki/IPv4#Header)).

Therefore the translation table here can be used:
https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers (https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers)

Text only | Text with Images