From owner-freebsd-questions Wed Jan 31 11:49: 5 2001 Delivered-To: freebsd-questions@freebsd.org Received: from karon.dynas.se (karon.dynas.se [192.71.43.4]) by hub.freebsd.org (Postfix) with SMTP id 5079037B65D for ; Wed, 31 Jan 2001 11:48:47 -0800 (PST) Received: (qmail 49978 invoked from network); 31 Jan 2001 19:48:46 -0000 Received: from unknown (HELO spirit.dynas.se) (172.16.1.10) by 172.16.1.1 with SMTP; 31 Jan 2001 19:48:46 -0000 Received: (qmail 12849 invoked from network); 31 Jan 2001 19:48:46 -0000 Received: from explorer.rsa.com (10.81.217.59) by spirit.dynas.se with SMTP; 31 Jan 2001 19:48:46 -0000 Received: (from mikko@localhost) by explorer.rsa.com (8.11.1/8.11.1) id f0VJmit58837; Wed, 31 Jan 2001 11:48:44 -0800 (PST) (envelope-from mikko) Date: Wed, 31 Jan 2001 11:48:44 -0800 (PST) From: Mikko Tyolajarvi Message-Id: <200101311948.f0VJmit58837@explorer.rsa.com> To: freebsd-questions@freebsd.org Subject: Re: ppp packet filtering Newsgroups: local.freebsd.questions References: <200101311936.f0VJa0s58753@explorer.rsa.com> X-Newsreader: NN version 6.5.6 (NOV) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In local.freebsd.questions I write: >In local.freebsd.questions you write: >>Greetings, >>I use userland ppp with the -auto and -nat flags. This is a >>good combo for me. I want to do some packet filtering for >>security reasons, and wondered if the packet filtering that >>you can do with rules in the ppp.conf is good ? The >It goes a long way if you just want to block unwanted traffic and do >NAT. The only thing I can think of that I miss is the ability to >filter ICMP packet types. Following up to myself: just had a look at the source code, and it looks like ICMP types can be matched using the, perhaps slightly bogus, syntax "icmp src eq TYPE". $.02, /Mikko -- Mikko Työläjärvi_______________________________________mikko@rsasecurity.com RSA Security To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message