From owner-freebsd-stable Mon Mar 26 6:33:57 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from smtp6.mindspring.com (smtp6.mindspring.com [207.69.200.110])
	by hub.freebsd.org (Postfix) with ESMTP id D2FDD37B76A
	for ; Mon, 26 Mar 2001 06:33:41 -0800 (PST)
	(envelope-from mvh@ix.netcom.com)
Received: from netcom1.netcom.com (lai-ca17b-100.ix.netcom.com [204.32.29.100])
	by smtp6.mindspring.com (8.9.3/8.8.5) with ESMTP id JAA23428;
	Mon, 26 Mar 2001 09:33:39 -0500 (EST)
Received: by netcom1.netcom.com (Postfix, from userid 1000)
	id 68F1A113EA6; Mon, 26 Mar 2001 06:33:03 -0800 (PST)
From: Mike Harding
To: rara.rasputin@virgin.net
Cc: stable@freebsd.org
In-reply-to: <20010326122040.A41923@dogma.freebsd-uk.eu.org> (message from Rasputin on Mon, 26 Mar 2001 12:20:40 +0100)
Subject: Re: ipf idiot wants to roam
References: <20010325190503.6C7F4113BD0@netcom1.netcom.com> <20010326122040.A41923@dogma.freebsd-uk.eu.org>
Message-Id: <20010326143303.68F1A113EA6@netcom1.netcom.com>
Date: Mon, 26 Mar 2001 06:33:03 -0800 (PST)
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

It will work, you just won't have a working firewall. I filed a PR
about this after discovering that ipf wasn't filtering _any_ packets
coming in. Yech. If you have a static address it may not be an
issue. I use dial-on-demand as well, but with a dynamic address.

- Mike H.

Date: Mon, 26 Mar 2001 12:20:40 +0100
From: Rasputin
Reply-To: Rasputin
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
X-Loop: FreeBSD.ORG
Precedence: bulk

* Mike Harding [010325 20:06]:
>
> You can specify interfaces by name in your rules - but you have to
> issue 'ipf -y' to sync up with interface address changes. I've done
> this with a dial-up line by putting 'ipf -y' in /etc/rc.network at the
> end of pass 1. This file should be updated in the distribution so
> that this happens automatically or ppp users may not see any packet
> filtering!

Well I've been using ipf on a dialup for a year now, and don't have an
ipf -y anywhere in my config files. Maybe it's because I use tun0
demand-dialling?

Or is the manpage (man 1 ipf) correct?

     -y     (SOLARIS 2 ONLY) Manually resync the in-kernel
            ^^^^^^^^^^^^^^^
            interface list maintained by IP Filter with the current
            interface status list.

Either the manpage or the ppp linkup files should be modified, I reckon.

-- 
Rasputin
Jack of All Trades :: Master of Nuns

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message