From: "Frank Shute"
Date: Tue, 21 Dec 2004 07:53:21 +0000
To: a person
Cc: freebsd-stable@freebsd.org
Subject: Re: ppp filtering troubles

On Mon, Dec 20, 2004 at 06:10:56PM +0300, a person wrote:
>
> Hello freebsd-stable,

Hi Illia,

>
> I wish the server, dialing out periodically, throws a connection
> out only if it has no activities over the SMTP and SSH sessions more
> than 3 minutes (and 3 minutes minimum for connection duration time).

I'm afraid I can't parse the above sentence :(

>
> I have in ppp.conf:
> isp:
>  set timeout 180 180
>
> Adding the next rules to isp: section:
>  set filter alive 0 permit 0 MYADDR tcp dst eq 25
>  set filter alive 1 permit MYADDR 0 tcp src eq 25
>  set filter alive 2 permit MYADDR 0 tcp dst eq 25
>  set filter alive 3 permit 0 MYADDR tcp src eq 25
>  set filter alive 12 permit 0 MYADDR tcp dst eq 22
>  set filter alive 13 permit MYADDR 0 tcp src eq 22
> despite these rules, connections cut out over the 3 minutes.
>
> What is the best way to reset timers only for 22 and 25 ports?
> 4.10-STABLE.

ppp(8) (4.11-PRERELEASE):

#-->
A filter definition has the following syntax:

set filter name rule-no action [!] [[host] src_addr[/width]
[dst_addr[/width]]] [proto [src cmp port] [dst cmp port]
[estab] [syn] [finrst] [timeout secs]]
#--<

ie. in your filter rules you've set the port but not the timeout. If
no timeout is set for each filter rule then they will default to the
timeout given by "set timeout" or 180s if it's not set.

I'm not sure what you're doing but an alternative might be to call
a script from ppp.linkup which adds or deletes firewall rules after a
sleep(1)

> --
> Thanks in advance, Illia Baidakov.
>

HTH.

--
Frank

//-------------------------------------------------------------------------
// echo "f r a n k @ e s p e r a n c e - l i n u x . c o . u k" | sed -e 's/ //g'
//------------------------ PGP keyID: 0x10BD6F4 ---------------------------
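
An added example, not part of the original message or of ppp itself: a small Python check that parses `set filter` lines against the synopsis quoted in the reply and lists the rules that carry no `timeout secs` clause. The function names, the `udp`/`icmp` protocol keywords, the `lt`/`gt` comparisons and rule 14 in the sample are assumptions of this example.

```python
PROTOS = {"tcp", "udp", "icmp"}   # "tcp" is on the page; the rest are assumed
CMPS = {"lt", "eq", "gt"}         # "eq" is on the page; lt/gt are assumed
FLAGS = {"estab", "syn", "finrst"}

def parse_rule(line):
    """Parse one 'set filter' line into a dict; raise ValueError if malformed."""
    tok = line.split()
    if len(tok) < 5 or tok[:2] != ["set", "filter"] or not tok[3].isdigit():
        raise ValueError(f"not a filter rule: {line!r}")
    rule = {"name": tok[2], "no": int(tok[3]), "action": tok[4], "addrs": [],
            "proto": None, "ports": {}, "flags": [], "timeout": None}
    rest, i = tok[5:], 0
    while i < len(rest) and rest[i] not in PROTOS:   # [!] [[host] src [dst]]
        rule["addrs"].append(rest[i])
        i += 1
    if i < len(rest):
        rule["proto"] = rest[i]
        i += 1
    while i < len(rest):                             # options after proto
        t = rest[i]
        if t in ("src", "dst") and i + 2 < len(rest) and rest[i + 1] in CMPS:
            rule["ports"][t] = (rest[i + 1], rest[i + 2])
            i += 3
        elif t in FLAGS:
            rule["flags"].append(t)
            i += 1
        elif t == "timeout" and i + 1 < len(rest) and rest[i + 1].isdigit():
            rule["timeout"] = int(rest[i + 1])
            i += 2
        else:
            raise ValueError(f"unexpected token {t!r} in: {line!r}")
    return rule

def rules_without_timeout(conf, name="alive"):
    """Return rule numbers of the given filter that carry no 'timeout secs'."""
    rules = [parse_rule(l) for l in conf.splitlines()
             if l.split()[:2] == ["set", "filter"]]
    return [r["no"] for r in rules if r["name"] == name and r["timeout"] is None]

# Rules 0-13 are the ones from the question; rule 14 is constructed here.
SAMPLE = """\
 set filter alive 0 permit 0 MYADDR tcp dst eq 25
 set filter alive 1 permit MYADDR 0 tcp src eq 25
 set filter alive 2 permit MYADDR 0 tcp dst eq 25
 set filter alive 3 permit 0 MYADDR tcp src eq 25
 set filter alive 12 permit 0 MYADDR tcp dst eq 22
 set filter alive 13 permit MYADDR 0 tcp src eq 22
 set filter alive 14 permit 0 MYADDR tcp dst eq 22 timeout 600
"""
```

Calling `rules_without_timeout(SAMPLE)` lists the six rules from the question, since none of them carries the optional `timeout secs` clause.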