From owner-freebsd-questions Wed Jan 31 11:43:13 2001 Delivered-To: freebsd-questions@freebsd.org Received: from karon.dynas.se (karon.dynas.se [192.71.43.4]) by hub.freebsd.org (Postfix) with SMTP id B393E37B503 for ; Wed, 31 Jan 2001 11:42:55 -0800 (PST) Received: (qmail 49755 invoked from network); 31 Jan 2001 19:36:11 -0000 Received: from softdnserror (HELO spirit.dynas.se) (172.16.1.10) by softdnserror with SMTP; 31 Jan 2001 19:36:11 -0000 Received: (qmail 12313 invoked from network); 31 Jan 2001 19:36:11 -0000 Received: from explorer.rsa.com (10.81.217.59) by spirit.dynas.se with SMTP; 31 Jan 2001 19:36:11 -0000 Received: (from mikko@localhost) by explorer.rsa.com (8.11.1/8.11.1) id f0VJa0s58753; Wed, 31 Jan 2001 11:36:00 -0800 (PST) (envelope-from mikko) Date: Wed, 31 Jan 2001 11:36:00 -0800 (PST) From: Mikko Tyolajarvi Message-Id: <200101311936.f0VJa0s58753@explorer.rsa.com> To: darryl@osborne-ind.com Cc: freebsd-questions@freebsd.org Subject: Re: ppp packet filtering Newsgroups: local.freebsd.questions References: <003501c08b9a$c3c9f170$0701a8c0@darryl> X-Newsreader: NN version 6.5.6 (NOV) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In local.freebsd.questions you write: >Greetings, >I use userland ppp with the -auto and -nat flags. This is a >good combo for me. I want to do some packet filtering for >security reasons, and wondered if the packet filtering that >you can do with rules in the ppp.conf is good ? The It goes a long way if you just want to block unwanted traffic and do NAT. The only thing I can think of that I miss is the ability to filter ICMP packet types. >tutorials I've seen start off by configuring NAT on the system >then using one of the system filtering programs to do the >job. Seems like overkill if ppp can do the job. Indeed. Have you had a look at /usr/share/examples/ppp/ppp.conf.sample? It contains sample configurations for pretty much anything you may want to do. And the ppp(8) man page has loads of information too. $.02, /Mikko -- Mikko Työläjärvi_______________________________________mikko@rsasecurity.com RSA Security To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message