20:18:33.523088 vr0 @0:13 b 81.57.134.67,3620 -> 172.22.1.22,110 PR tcp len 20 44 -AR IN
What exactly does that mean?
At the time above, out the interface vr0, via the rule number? (What is
the 0:13) a packet was blocked from ip/port above to ip/port above.
Protocol tcp, len 20? What does that mean? 44? -AR?
I've never fully understood this firewall log, maybe now is a good time
to have it clarified :)
Brandon
-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net]
Sent: Monday, January 26, 2004 4:49 AM
To: Brandon Holland
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0wall dropping packets when using bittorrent
Brandon Holland wrote:
> Let me clarify: m0n0 even logs my dropped packets. Now, I'm not using
> bittorrent either, but the concept is the same.
>
> By the way, I should have finished reading your message before I asked
> if you had tried any other firewalls :)
Logged dropped packets? Well if they are logged then there was a reason
to drop them - a block rule (or no matching pass rule). Common reason:
- TCP packets that ipfilter considers to be out-of-window or otherwise
unacceptable (it checks various things such as flags, 3-way handshake
adherence, sequence/ACK numbers, etc.) and that therefore don't match an
entry in the state table but don't have only SYN set either --> blocked
(stateful filtering!)
Otherwise you'll have to use the rule numbers in the logs to find out
which rule actually caused the packet to be dropped (ipfstat -hnio on
status.php).
And to those with asymmetric links: remember that any uncapped upload
can easily "kill" your connection (render it extremely slow) - use the
traffic shaper or limit the outbound speed in your P2P filesharing
tools! ;)
- Manuel
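An added example, not part of the original thread and not m0n0wall or ipfilter code: a small Python parser for the log line quoted at the top of the thread, using the field layout documented in ipmon(8) (time, interface, @group:rule, action, src,port -> dst,port, PR protocol, len header-length packet-length, TCP flags, direction). The function names and the second sample line are constructed for illustration, and `stateful_drop_candidate` is only a heuristic for the out-of-state case described in the reply; it handles TCP/UDP entries, not the ICMP variant.

```python
import re

# ipmon(8) layout: time iface @group:rule action src,port -> dst,port
#                  PR proto len <header len> <packet len> -<TCP flags> IN|OUT
LINE_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>[pbSnL]) "
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?:,(?P<dport>\d+))? "
    r"PR (?P<proto>\S+) len (?P<hdr_len>\d+) (?P<pkt_len>\d+)"
    r"(?: -(?P<flags>[A-Z]*))?(?: (?P<direction>IN|OUT))?"
)
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}
TCP_FLAGS = {"F": "FIN", "S": "SYN", "R": "RST",
             "P": "PSH", "A": "ACK", "U": "URG"}
INT_FIELDS = ("group", "rule", "sport", "dport", "hdr_len", "pkt_len")


def parse_ipmon(line):
    """Parse one ipmon TCP/UDP entry, even if a mail client wrapped it."""
    m = LINE_RE.search(" ".join(line.split()))  # collapse wrapping/extra spaces
    if m is None:
        raise ValueError("not an ipmon TCP/UDP log line: %r" % line)
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:
            rec[key] = int(rec[key])
    rec["action"] = ACTIONS[rec["action"]]
    rec["flags"] = [TCP_FLAGS.get(f, f) for f in rec["flags"] or ""]
    return rec


def stateful_drop_candidate(rec):
    """Heuristic: a blocked TCP packet that is not a bare SYN may have been
    dropped for not matching the state table; confirm via the rule number."""
    return (rec["action"] == "blocked" and rec["proto"] == "tcp"
            and rec["flags"] != ["SYN"])


# The entry from the thread, wrapped as it arrived in the e-mail.
THREAD_LINE = ("20:18:33.523088 vr0 @0:13 b 81.57.134.67,3620 -> "
               "172.22.1.22,110 PR tcp\nlen 20 44 -AR IN")
# Constructed sample: a blocked bare SYN (documentation source address).
CONSTRUCTED_SYN = ("20:19:01.000001 vr0 @0:13 b 192.0.2.10,40000 -> "
                   "172.22.1.22,25 PR tcp len 20 48 -S IN")

if __name__ == "__main__":
    for entry in (THREAD_LINE, CONSTRUCTED_SYN):
        parsed = parse_ipmon(entry)
        print(parsed, stateful_drop_candidate(parsed))
```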