Date: Wed, 4 Jul 2001 03:22:41 -0400
From: parv <parv_@yahoo.com>
To: Haikal Saadh <wyldephyre2@yahoo.com>
Cc: questions@freebsd.org
Subject: Re: ipf -y 'ing using user ppp
Message-ID: <20010704032241.A1895@moo.holy.cow>
In-Reply-To: <PAELLGOEIMDLEJNEBOBOCEIACBAA.wyldephyre2@yahoo.com>; from wyldephyre2@yahoo.com on Wed, Jul 04, 2001 at 03:53:09PM +1000
References: <PAELLGOEIMDLEJNEBOBOCEIACBAA.wyldephyre2@yahoo.com>

so, Haikal Saadh shared this in my lifetime...
>
> Hi all,
> I've come to understand that every time i dialup using user ppp, I need to
> resync the filter rules using 'ipf -y'. Now, my problem is, every time[1] I
> dial up, I have to ipf -y manually myself. I would put a line in ppp.linkup,
> but the thing is, ppp.linkup gets run with the privileges of the user who
> just invoked ppp, and as i have non-root users dialing out, it does not
> work.
>
> Can anyone tell me how to automatically ipf -y when the ppp link goes up?
> Especially when invoked by non-root users?
>
> Thanks in advance.
>
>
> [1] Well, it seems to be needed to be done only the first time after a
> reboot most of the time.
>

same problem here. i suppose you also have some sort of firewall.
before i tweaked my ipf rules, ppp was making connection to the
outside world; now [1] i always need to do manual syncing.

  [1] now, the connections are ipf "default block".

by the way, do you have ppp (and, ipf[w]? options) enabled in your
/etc/rc.conf? admittedly i don't but i was and still do expect
/etc/ppp/ppp.link(up|down) to work ... which of course don't.

also, there was some discussion of it in the past; you may try
searching the archive.

anyway, here are some of the things that can go in /etc/rc.conf:

------------------------
ppp_enable="NO"
ppp_mode="auto"
ppp_profile="<profile>"
ppp_user=""
ppp_nat="NO"

ipfilter_enable="YES"
ipfilter_program="/sbin/ipf -Fa -f"
ipfilter_rules="/etc/ipf.conf"
ipfilter_flags="-y -l nomatch"

ipnat_enable="YES"
ipnat_program="/sbin/ipnat -CF -f /etc/ipnat.conf"
ipnat_rules="/etc/ipnat.conf"

ipmon_enable="YES"
ipmon_program="/sbin/ipmon"
ipmon_flags="-Dsv"
------------------------

--
 so, do you like word games or scrabble?
 - parv