From: "Louis A. Mamakos"
To: Brian Somers
Cc: moncrg@ma.ultranet.com, FreeBSD Net
Subject: Re: how to filter out igmp spam on a ppp -nat dialup?
Date: Sun, 10 Jun 2001 20:35:36 -0400

> > this traffic is holding my ppp connection open
> > for hours at a time, is there any way to filter
> > this out
> >
> > I tried adding `set filter in 0 deny igmp`
> > to my ppp.conf config but then I couldn't do external
> > DNS.
>
> Try
>
>     set filter alive 0 deny igmp
>     set filter alive 1 permit 0 0
>
> Maybe the DNS problem was caused by not having a final permit rule
> (falling off the end of the filter set is the same as a deny).

You ought to take the approach of specifying what sort of traffic you'd
like to have keep up the link, rather than trying to exclude types of
traffic as you happen to find it.
With a simple filter like that you'll still have the link kept up by
ICMP (e.g., PING, etc.) traffic. Or if you decide to run NTP, you'll
have the link kept up by that periodic traffic as well. If you configure
inclusion rules for the traffic you care about (e.g., SMTP, ssh, etc.)
you'll be less likely to be surprised in the future.

BTW, the IGMP traffic is probably due to the remote RAS box being
multicast capable and it doing periodic group membership queries on
the link to see what multicast groups the host on the other end of
the link was subscribed to.

louie
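
The difference between the two approaches in this thread, as an added example that is not part of the original message and is not ppp's own code: a simplified Python model of first-match filtering with the implicit final deny mentioned in the quoted reply, run over constructed packets. The `Rule` and `Packet` types, the matching of a rule's port against either the source or destination port, and the sample traffic are assumptions of this sketch.

```python
# Simplified model (an assumption, not ppp's code): rules are tried in order,
# the first match decides, and falling off the end of the set is a deny.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    name: str
    proto: str
    sport: Optional[int] = None
    dport: Optional[int] = None

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: Optional[str] = None  # None matches any protocol
    port: Optional[int] = None   # None matches any port; else src or dst port

def keeps_link_up(rules, pkt):
    """Return True if pkt would count as keep-alive traffic under this rule set."""
    for rule in rules:
        if rule.proto is not None and rule.proto != pkt.proto:
            continue
        if rule.port is not None and rule.port not in (pkt.sport, pkt.dport):
            continue
        return rule.action == "permit"
    return False  # implicit deny at the end of the set

# Exclusion-style set from the quoted reply: deny igmp, permit everything else.
EXCLUDE = [Rule("deny", "igmp"), Rule("permit")]
# Inclusion-style set for the traffic named in the reply (SMTP on 25, ssh on 22).
INCLUDE = [Rule("permit", "tcp", 25), Rule("permit", "tcp", 22)]

# Constructed sample traffic, not captured from a real link.
TRAFFIC = [
    Packet("igmp query", "igmp"),
    Packet("ping", "icmp"),
    Packet("ntp poll", "udp", 123, 123),
    Packet("smtp", "tcp", 40001, 25),
    Packet("ssh reply", "tcp", 22, 40002),
]

def survivors(rules):
    """Names of the sample packets that would hold the link open."""
    return [p.name for p in TRAFFIC if keeps_link_up(rules, p)]

if __name__ == "__main__":
    print("exclude-style:", survivors(EXCLUDE))
    print("include-style:", survivors(INCLUDE))
```
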