From owner-freebsd-bugs Sun May 20 15:30:14 2001
Date: Sun, 20 May 2001 15:30:03 -0700 (PDT)
Message-Id: <200105202230.f4KMU3H70615@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Janet Sullivan
Subject: Re: kern/27474: Interactive use of user PPP and ipfilter can be insecure
Reply-To: Janet Sullivan
Sender: owner-freebsd-bugs@FreeBSD.ORG

The following reply was made to PR kern/27474; it has been noted by GNATS.

From: Janet Sullivan
To: jsnader@ix.netcom.com, freebsd-gnats-submit@freebsd.org
Subject: Re: kern/27474: Interactive use of user PPP and ipfilter can be insecure
Date: Sun, 20 May 2001 15:20:12 -0700

 > >Fix:
 > Either manually reload the rules after starting PPP for the first time
 > or put the reload in /etc/ppp/ppp.linkup *and* start PPP as root. This
 > means you should probably remove ``allow user'' from ppp.conf.
 >
 > It is only necessary to reload the rules once after PPP has run. They
 > will then be active on subsequent runs (until a reboot, of course).

 The fix I use is to edit rc.network so the entire "start user PPP"
 section is between the "Set host name if not already set" and
 "establish ipf ruleset" sections. After doing that everything works
 fine, no manual reloads required.
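
A way to audit the ordering described in the reply above, as an added example that is not part of the original message or of FreeBSD's own scripts. The marker patterns and the two sample files are constructed assumptions based on the section names quoted in the message; adjust the patterns to the comment text in the actual rc.network.

```shell
#!/bin/sh
# Assumed marker patterns (case-insensitive EREs), derived from the section
# names quoted in the message, not from a real rc.network.
HOST_PAT='set.*host ?name'
PPP_PAT='user ppp'
IPF_PAT='ipf(ilter)? ruleset'

# first_line PATTERN FILE: print the line number of the first match, or nothing.
first_line() {
    grep -n -i -E -- "$1" "$2" | head -n 1 | cut -d: -f1
}

# check_rc_order FILE
# 0: host name < user PPP < ipf ruleset (the ordering the reply describes)
# 1: all three sections found, but in a different order
# 2: at least one section marker is missing, so nothing can be concluded
check_rc_order() {
    host_ln=$(first_line "$HOST_PAT" "$1")
    ppp_ln=$(first_line "$PPP_PAT" "$1")
    ipf_ln=$(first_line "$IPF_PAT" "$1")
    if [ -z "$host_ln" ] || [ -z "$ppp_ln" ] || [ -z "$ipf_ln" ]; then
        return 2
    fi
    if [ "$host_ln" -lt "$ppp_ln" ] && [ "$ppp_ln" -lt "$ipf_ln" ]; then
        return 0
    fi
    return 1
}

# write_sample before|fixed FILE: constructed stand-ins for rc.network.
# "before" assumes PPP starts after the ipf rules are loaded.
write_sample() {
    h='# Set host name if not already set'
    p='# start user PPP'
    i='# establish ipf ruleset'
    case "$1" in
        before) printf '%s\n' "$h" "$i" "$p" ;;
        fixed)  printf '%s\n' "$h" "$p" "$i" ;;
    esac > "$2"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
for kind in before fixed; do
    write_sample "$kind" "$demo_dir/$kind"
    rc=0; check_rc_order "$demo_dir/$kind" || rc=$?
    echo "$kind: check_rc_order status $rc"
done
rm -rf "$demo_dir"
```

Status 2 is kept separate from status 1 so that a file with renamed or missing section comments is not reported as correctly ordered.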