Date: Wed, 4 Jul 2001 03:22:41 -0400
From: parv
To: Haikal Saadh
Cc: questions@freebsd.org
Subject: Re: ipf -y 'ing using user ppp
Message-ID: <20010704032241.A1895@moo.holy.cow>

so, Haikal Saadh shared this in my lifetime...
>
> Hi all,
> I've come to understand that every time I dial up using user ppp, I need to
> resync the filter rules using 'ipf -y'. Now, my problem is, every time[1] I
> dial up, I have to ipf -y manually myself. I would put a line in ppp.linkup,
> but the thing is, ppp.linkup gets run with the privileges of the user who
> just invoked ppp, and as I have non-root users dialing out, it does not
> work.
>
> Can anyone tell me how to automatically ipf -y when the ppp link goes up?
> Especially when invoked by non-root users?
>
> Thanks in advance.
>
>
> [1] Well, it seems to be needed to be done only the first time after a
> reboot most of the time.
>

same problem here.
i suppose you also have some sort of firewall. before i tweaked my
ipf rules, ppp was making connection to the outside world; now [1]
i always need to do manual syncing.

  [1] now, the connections are ipf "default block".

by the way, do you have ppp (and, ipf[w]? options) enabled in your
/etc/rc.conf? admittedly i don't but i was and still do expect
/etc/ppp/ppp.link(up|down) to work ... which of course don't.

also, there was some discussion of it in the past; you may try
searching the archive.

anyway, here are some of the things that can go in /etc/rc.conf:

------------------------
ppp_enable="NO"
ppp_mode="auto"
ppp_profile=""
ppp_user=""
ppp_nat="NO"

ipfilter_enable="YES"
ipfilter_program="/sbin/ipf -Fa -f"
ipfilter_rules="/etc/ipf.conf"
ipfilter_flags="-y -l nomatch"

ipnat_enable="YES"
ipnat_program="/sbin/ipnat -CF -f /etc/ipnat.conf"
ipnat_rules="/etc/ipnat.conf"

ipmon_enable="YES"
ipmon_program="/sbin/ipmon"
ipmon_flags="-Dsv"
------------------------

-- 
so, do you like word games or scrabble?
 - parv