Tempesta Technologies
  • Home
  • Tempesta FW
    • Features
      • Web acceleration
      • Load balancing
      • Application performance monitoring
    • Performance
    • How it works
    • Deployment
    • Support
    • Knowledge base
  • Services
    • Software development
      • High performance
      • Networking
      • Databases
      • Linux kernel
      • Machine learning
      • How we work
      • Case studies
    • Performance analysis
    • Network security
      • DDoS protection
      • Application security
      • Cryptography
      • Security assessment
      • How we work
      • Case Studies
  • Solutions
    • DDoS Protection
    • Web Acceleration
  • Blog
  • Company
    • Research
    • Careers
    • Contact
Tempesta Technologies

IP Filter

The ip_proto filter restricts traffic based on the IP protocol number. For IPv4, this corresponds to the Protocol field(RFC 791 3.1). For IPv6, it corresponds to the first upper-layer protocol identified after processing supported extension headers(RFC 8200 4).

The following protocol numbers are supported:

ip_proto { 1, 6, 17, 47, 58 }

which correspond to: ICMP (1), TCP (6), UDP (17), GRE (47), ICMPv6 (58).

If the ip_proto filter is not specified, the default behavior is equivalent to:

ip_proto { 1, 6, 17, 58 }

Header Processing🔗

Traffic containing unsupported IP header features is considered anomalous and filtered.

Supported IPv6 extension headers:

  • Hop-by-Hop Options (0)
  • Routing (43)
  • Authentication Header (AH, 51)
  • Destination Options (60)
  • Mobility Header (135)

IPv6 extension headers are processed sequentially until the first upper-layer protocol is reached (RFC 8200, Section 4).

IP features not supported:

  • Encapsulating Security Payload (ESP, 50)
  • IPv4 fragmentation
  • IPv6 Fragment Header (44)

No fragment reassembly is performed.

  • Home
  • XFW
    • Basic Administration
    • Quick start
    • DNS DDoS protection
    • Observability
    • Performance
  • XFW Filtration Rules
    • Chaining
    • Evaluation Mode
    • IP Filter
    • ICMP Filter
    • DNS Filter
    • UDP Anomaly Filter
    • TCP Anomaly Filter
    • TCP Authentication Filter
    • TCP SYN Cookies
    • TCP Flags Filter
    • Destination Filter
    • Source Filter
    • Protected Network Definition
    • Rate Limits
    • Default Rules
  • Manager
    • Management daemon
    • Client library
    • Command line interface
  • DDoS Protection Use Cases
    • DNS server
    • Web server
    • Advanced Protection
  • Troubleshooting
    • Troubleshooting System Description
    • Troubleshooting System Verification Script
    • Troubleshooting Netconsole Configuration
    • Troubleshooting Server
    • Troubleshooting Support Server

Powered by Tempesta FW

Stay up to date with our latest developments

Useful Links

Home
Blog

Tempesta® FW

Features
Performance
Deployment
Support
Knowledge Base

Services

Software Development
Performance analysis
Network Security

Solutions

DDoS Protection

Web Acceleration

Company

Research
Careers
Contact