On Sat, 23 Apr 2016 13:04:36 -0400 Harris Paltrowitz <harrisupst...@yahoo.com> wrote:
> I noticed a mention of "microsoft-ds" in
> there... I assume this is just a protocol, and not a piece of
> software!

Yes, iptables is being helpful in giving you a common name for the port or protocol used. It picks the name out of /etc/services, which is a useful file to know about. There is also an /etc/protocols, which is a list of actual IP protocols, but this is not as generally useful; tcp, udp and icmp are the commonly-used ones. Many VPNs use other IP protocols to carry the encrypted traffic.

Reco suggests using iptables -nvL which will give numeric IP addresses and CIDR ranges, and avoid looking up either service names or DNS.

You might also try iptables -S which will list the rules in the form that you would enter by hand as arguments to the iptables command. It is a different view, and you may see things that are less obvious in the -L view.

Remember that IPv6 is alive and well in quite a lot of hardware these days, and there is an ip6tables to deal with it.

-- 
Joe
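An added example, not part of the message above: a short Python sketch of the /etc/services lookup behind names such as "microsoft-ds", used here to turn the service names in an `iptables -L` rule line back into port numbers. The services excerpt, the rule lines and the function names are constructed for illustration, and only dpt:/spt: fields are handled (the DNS lookups that -n also skips are not modelled).

```python
import re

# Constructed excerpt in /etc/services format: name port/proto [aliases] [# comment]
SAMPLE_SERVICES = """\
# Network services, Internet style
ssh             22/tcp                          # SSH Remote Login Protocol
domain          53/tcp
domain          53/udp
http            80/tcp          www             # WorldWideWeb HTTP
netbios-ssn     139/tcp                         # NETBIOS session service
microsoft-ds    445/tcp                         # Microsoft Naming
microsoft-ds    445/udp
"""

def parse_services(text):
    """Return {(name_or_alias, proto): port} from services-format text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comment
        if len(fields) < 2 or "/" not in fields[1]:
            continue                             # blank or malformed line
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:    # official name, then aliases
            table.setdefault((name, proto), int(port))
    return table

PORT_FIELD = re.compile(r"\b(dpts?|spts?):(\S+)")
PROTOS = ("tcp", "udp", "sctp", "dccp")          # protocols that carry ports

def numeric_ports(rule_line, table):
    """Rewrite dpt:/spt: service names in one `iptables -L` line to numbers."""
    # Assumption: the first tcp/udp/... token on the line is the rule's protocol.
    proto = next((f for f in rule_line.split() if f in PROTOS), "")

    def repl(match):
        parts = match.group(2).split(":")        # ranges are shown as low:high
        nums = [str(table.get((p, proto), p)) for p in parts]
        return f"{match.group(1)}:{':'.join(nums)}"

    return PORT_FIELD.sub(repl, rule_line)

if __name__ == "__main__":
    services = parse_services(SAMPLE_SERVICES)
    line = "ACCEPT     tcp  --  anywhere   anywhere   tcp dpt:microsoft-ds"
    print(numeric_ports(line, services))
```

The name is only a label for a port and protocol pair, so a rule shown as dpt:microsoft-ds matches any traffic to 445/tcp, whatever software is listening there.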