Date: Tue, 21 Dec 2004 07:53:21 +0000
From: "Frank Shute" <frank@esperance-linux.co.uk>
To: a person <a@newchem.ru>
Cc: freebsd-stable@freebsd.org
Subject: Re: ppp filtering troubles
Message-ID: <20041221075321.GA68572@peach.veggie.com>
In-Reply-To: <1668118093.20041220181056@newchem.ru>
References: <1668118093.20041220181056@newchem.ru>

On Mon, Dec 20, 2004 at 06:10:56PM +0300, a person wrote:
>
> Hello freebsd-stable,

Hi Illia,

>
> I wish the server, dialing out periodically, throws a connection
> out only if it has no activities over the SMTP and SSH sessions more
> than 3 minutes (and 3 minutes minimum for connection duration time).

I'm afraid I can't parse the above sentence :(

>
> I have in ppp.conf:
> isp:
>  set timeout 180 180
>
> Adding the next rules to isp: section:
>  set filter alive 0 permit 0 MYADDR tcp dst eq 25
>  set filter alive 1 permit MYADDR 0 tcp src eq 25
>  set filter alive 2 permit MYADDR 0 tcp dst eq 25
>  set filter alive 3 permit 0 MYADDR tcp src eq 25
>  set filter alive 12 permit 0 MYADDR tcp dst eq 22
>  set filter alive 13 permit MYADDR 0 tcp src eq 22
> despite of this rules connections cuts out over the 3 minutes.
>
> What is the best way to reset timers only for 22 and 25 ports?
> 4.10-STABLE.

ppp(8) (4.11-PRERELEASE):

#-->
A filter definition has the following syntax:

set filter name rule-no action [!] [[host] src_addr[/width]
[dst_addr[/width]]] [proto [src cmp port] [dst cmp port] [estab]
[syn] [finrst] [timeout secs]]
#--<

i.e. in your filter rules you've set the port but not the timeout.

If no timeout is set for each filter rule then they will default to
the timeout given by "set timeout" or 180s if it's not set.

I'm not sure what you're doing but an alternative might be to call a
script from ppp.linkup which adds or deletes firewall rules after a
sleep(1).

>
> --
> Thanks in advance, Illia Baidakov.
>

HTH.

--
Frank

//-------------------------------------------------------------------------//
echo "f r a n k @ e s p e r a n c e - l i n u x . c o . u k" | sed -e 's/ //g'
//------------------------ PGP keyID: 0x10BD6F4 ---------------------------//
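
The per-rule timeout behaviour described in the reply, as an added example that is not part of the original message: a small Python parser for the `set filter` syntax quoted from ppp(8) that reports the idle timeout each rule ends up with. The sample config is constructed from the quoted rules; rule 20, its 600-second value, and the function names are hypothetical.

```python
# Constructed sample: rules 0, 1 and 12 are from the quoted ppp.conf; rule 20
# and its 600 s value are hypothetical, added to show an explicit timeout.
SAMPLE = """\
isp:
 set timeout 180 180
 set filter alive 0 permit 0 MYADDR tcp dst eq 25
 set filter alive 1 permit MYADDR 0 tcp src eq 25
 set filter alive 12 permit 0 MYADDR tcp dst eq 22
 set filter alive 20 permit MYADDR 0 tcp dst eq 22 estab timeout 600
"""

BUILTIN_TIMEOUT = 180                      # fallback named in the reply
FLAGS = {"estab", "syn", "finrst"}
OPTION_WORDS = FLAGS | {"src", "dst", "timeout"}


def parse_filter(line):
    """Parse one 'set filter' line following the syntax quoted from ppp(8)."""
    tok = line.split()
    if tok[:2] != ["set", "filter"] or len(tok) < 5:
        return None
    rule = {"name": tok[2], "rule_no": int(tok[3]), "action": tok[4],
            "match": [], "ports": {}, "flags": set(), "timeout": None}
    rest = tok[5:]
    # Everything before the first option word is [!] [host] addresses and proto.
    while rest and rest[0] not in OPTION_WORDS:
        rule["match"].append(rest.pop(0))
    while rest:
        word = rest.pop(0)
        if word in ("src", "dst") and len(rest) >= 2:
            rule["ports"][word] = (rest.pop(0), rest.pop(0))   # (cmp, port)
        elif word in FLAGS:
            rule["flags"].add(word)
        elif word == "timeout" and rest:
            rule["timeout"] = int(rest.pop(0))
        else:
            raise ValueError(f"unexpected or truncated option {word!r}")
    return rule


def effective_timeouts(conf):
    """Return (name, rule_no, seconds, explicit) per rule; one section assumed."""
    default, rules = BUILTIN_TIMEOUT, []
    for line in conf.splitlines():
        tok = line.split()
        if tok[:2] == ["set", "timeout"] and len(tok) > 2:
            default = int(tok[2])          # first value is the idle timeout
        elif (rule := parse_filter(line)) is not None:
            rules.append(rule)
    return [(r["name"], r["rule_no"],
             r["timeout"] if r["timeout"] is not None else default,
             r["timeout"] is not None) for r in rules]
```

Running `effective_timeouts(SAMPLE)` shows the three quoted rules inheriting 180 seconds from `set timeout`, while only the rule with an explicit `timeout` clause differs.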