Date:      Tue, 21 Dec 2004 18:14:19 +0300
From:      a person <a@newchem.ru>
To:        Frank Shute <frank@esperance-linux.co.uk>
Cc:        freebsd-stable@freebsd.org
Subject:   Re[2]: ppp filtering troubles
Message-ID:  <639007768.20041221181419@newchem.ru>
In-Reply-To: <20041221075321.GA68572@peach.veggie.com>
References:  <1668118093.20041220181056@newchem.ru> <20041221075321.GA68572@peach.veggie.com>

Hello Frank,

Tuesday, December 21, 2004, 10:53:21 AM, you wrote:

>>   I have in ppp.conf:
>>   isp:
>>       set timeout    180 180
>> 
>>   Adding the following rules to the isp: section:
>>       set filter     alive 0 permit 0 MYADDR tcp dst eq 25
>>       set filter     alive 1 permit MYADDR 0 tcp src eq 25
>>       set filter     alive 2 permit MYADDR 0 tcp dst eq 25
>>       set filter     alive 3 permit 0 MYADDR tcp src eq 25
>>       set filter     alive 12 permit 0 MYADDR tcp dst eq 22
>>       set filter     alive 13 permit MYADDR 0 tcp src eq 22
>>   despite these rules, connections cut out after the 3 minutes.
>> 
>>   What is the best way to reset timers only for 22 and 25 ports?
>>   4.10-STABLE.

FS> ppp(8) (4.11-PRERELEASE):

#-->>

FS> A filter definition has the following syntax:

FS>          set filter name rule-no action [!] [[host] src_addr[/width]
FS>          [dst_addr[/width]]] [proto [src cmp port] [dst cmp port] [estab]
FS>          [syn] [finrst] [timeout secs]]

FS> #--<

FS> ie. in your filter rules you've set the port but not the timeout. If
FS> no timeout is set for each filter rule then they will default to the
FS> timeout given by "set timeout" or 180s if it's not set.

FS> I'm not sure what you're doing but an alternative might be to call a
FS> script from ppp.linkup which adds or deletes firewall rules after a
FS> sleep(1)

What I am doing is that I wish to clear the timeouts which the "set timeout"
command sets. As I understand it, using the "MYADDR" keyword prevents
correct processing of the "set filter" rules by the "alive" filter when
they are invoked from the "ppp.conf" file. So I've relocated the "set
filter alive/dial" rules to the "ppp.linkup" file.
It's over.
Thanks.

Best regards, Illia.


