From owner-freebsd-hackers Sun Jun 25 03:31:33 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id DAA16788 for hackers-outgoing; Sun, 25 Jun 1995 03:31:33 -0700
Received: from sbstark.cs.sunysb.edu (sbstark.cs.sunysb.edu [130.245.1.47]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id DAA16782 ; Sun, 25 Jun 1995 03:31:30 -0700
Received: (from root@localhost) by sbstark.cs.sunysb.edu (8.6.12/8.6.9) with UUCP id GAA28939; Sun, 25 Jun 1995 06:30:08 -0400
Received: (from gene@localhost) by starkhome.cs.sunysb.edu (8.6.11/8.6.9) id GAA04989; Sun, 25 Jun 1995 06:30:54 -0400
Date: Sun, 25 Jun 1995 06:30:54 -0400
From: Gene Stark
Message-Id: <199506251030.GAA04989@starkhome.cs.sunysb.edu>
To: "Jordan K. Hubbard"
Cc: hackers@freebsd.org
In-reply-to: "Jordan K. Hubbard"'s message of Sat, 24 Jun 1995 20:53:21 +0100
Subject: Anyone else see this with ijppp?
References: <3sic2k$2na@starkhome.cs.sunysb.edu>
Sender: hackers-owner@freebsd.org
Precedence: bulk

> Oh, and on the subject of ppp dialing up and staying up for hours, yes
> I've set a timeout and yes I've put in a filter for dialing that blocks
> pings and yes I've set `hosts' before `bind' in my /etc/host.conf so
> that simple DNS queries don't trigger it. And it still does it.. :-)

I don't see this problem. I did have a little trouble with DNS and ntp
at first. Below are the filters I am using.

The only real problem I have with it is the automatic 30 second redial
if a call fails. As I mentioned in mail to the author and maintainer,
there should be a configurable backoff on this so you don't get socked
with charges for a kazillion calls (mine cost $0.10/ea.) if an unattended
machine goes berserk because the other end is inaccessible for some reason.

- Gene

#
# Don't keep Alive with ICMP, DNS, RIP, and NTP packet
#
set afilter 0 deny icmp
set afilter 1 deny udp src eq 53
set afilter 2 deny udp dst eq 53
set afilter 3 deny udp src eq 520
set afilter 4 deny udp dst eq 520
set afilter 5 deny udp src eq 123
set afilter 6 deny udp dst eq 123
set afilter 7 permit 0/0 0/0
#
# Don't dial with ICMP, DNS, RIP, NTP packet
#
set dfilter 0 deny icmp
set dfilter 1 deny udp src eq 53
set dfilter 2 deny udp dst eq 53
# include DNS zone transfer request via TCP
set dfilter 3 deny tcp src eq 53
set dfilter 4 deny tcp dst eq 53
set dfilter 5 deny udp src eq 520
set dfilter 6 deny udp dst eq 520
set dfilter 7 deny udp src eq 123
set dfilter 8 deny udp dst eq 123
set dfilter 9 permit 0/0 0/0
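
An added example, not part of the original message or of ppp itself: a small Python evaluator for the dial filter listed above, showing which constructed sample packets would be allowed to bring the link up. It assumes rules are checked in ascending number with the first match deciding and no match meaning deny; parse_rules, decide, trace and the sample packets are hypothetical names and data.

```python
# Added example, not from the original message. Assumption: rules are checked in
# ascending number, the first match decides, and a packet matching no rule is denied.
DFILTER = """\
set dfilter 0 deny icmp
set dfilter 1 deny udp src eq 53
set dfilter 2 deny udp dst eq 53
set dfilter 3 deny tcp src eq 53
set dfilter 4 deny tcp dst eq 53
set dfilter 5 deny udp src eq 520
set dfilter 6 deny udp dst eq 520
set dfilter 7 deny udp src eq 123
set dfilter 8 deny udp dst eq 123
set dfilter 9 permit 0/0 0/0
"""

def parse_rules(text):
    """Return [(number, action, proto, side, port)] sorted by rule number."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "set" or tok[1] not in ("afilter", "dfilter"):
            continue  # skip comments and blank lines
        num, action, rest = int(tok[2]), tok[3], tok[4:]
        proto = side = port = None
        if rest[0] in ("icmp", "udp", "tcp"):
            proto = rest[0]
            if len(rest) == 4 and rest[2] == "eq":
                side, port = rest[1], int(rest[3])
        # any other form (here "0/0 0/0") is treated as match-everything
        rules.append((num, action, proto, side, port))
    return sorted(rules)

def decide(rules, proto, sport=None, dport=None):
    """Return (action, rule number) for one packet; ("deny", None) if no rule matches."""
    for num, action, rproto, side, port in rules:
        if rproto not in (None, proto):
            continue
        if side and {"src": sport, "dst": dport}[side] != port:
            continue
        return action, num
    return "deny", None

RULES = parse_rules(DFILTER)
# Constructed sample packets: (label, protocol, source port, destination port)
SAMPLES = [("ping", "icmp", None, None), ("DNS query", "udp", 1025, 53),
           ("NTP", "udp", 123, 123), ("syslog", "udp", 514, 514),
           ("SMTP connect", "tcp", 1026, 25)]

def trace(samples=SAMPLES):
    """Map each sample label to the (action, rule) that decided it."""
    return {label: decide(RULES, p, s, d) for label, p, s, d in samples}
```

Calling trace() shows that the filter is a deny-list ending in a catch-all permit: the constructed syslog and SMTP packets fall through to rule 9 and would still dial.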