From owner-freebsd-stable@FreeBSD.ORG Tue Dec 21 15:14:38 2004
Date: Tue, 21 Dec 2004 18:14:19 +0300
From: a person
To: Frank Shute
cc: freebsd-stable@freebsd.org
Subject: Re[2]: ppp filtering troubles
Message-ID: <639007768.20041221181419@newchem.ru>
In-Reply-To: <20041221075321.GA68572@peach.veggie.com>
References: <1668118093.20041220181056@newchem.ru> <20041221075321.GA68572@peach.veggie.com>
List-Id: Production branch of FreeBSD source code

Hello Frank,

Tuesday, December 21, 2004, 10:53:21 AM, you wrote:

>> I have in ppp.conf:
>> isp:
>>  set timeout 180 180
>>
>> Adding the next rules to isp: section:
>>  set filter alive 0 permit 0 MYADDR tcp dst eq 25
>>  set filter alive 1 permit MYADDR 0 tcp src eq 25
>>  set filter alive 2 permit MYADDR 0 tcp dst eq 25
>>  set filter alive 3 permit 0 MYADDR tcp src eq 25
>>  set filter alive 12 permit 0 MYADDR tcp dst eq 22
>>  set filter alive 13 permit MYADDR 0 tcp src eq 22
>> despite these rules, connections cut out over the 3 minutes.
>>
>> What is the best way to reset timers only for 22 and 25 ports?
>> 4.10-STABLE.

FS> ppp(8) (4.11-PRERELEASE):

FS> #-->>
FS> A filter definition has the following syntax:
FS>  set filter name rule-no action [!] [[host] src_addr[/width]
FS>  [dst_addr[/width]]] [proto [src cmp port] [dst cmp port] [estab]
FS>  [syn] [finrst] [timeout secs]]
FS> #--<

FS> ie. in your filter rules you've set the port but not the timeout. If
FS> no timeout is set for each filter rule then they will default to the
FS> timeout given by "set timeout" or 180s if it's not set.

FS> I'm not sure what you're doing but an alternative might be to call a
FS> script from ppp.linkup which adds or deletes firewall rules after a
FS> sleep(1)

What I am doing is that I wish to clear the timeouts which the
"set timeout" command sets.

As I've understood it, using the "MYADDR" keyword prevents correct
processing of "set filter" rules by the "alive" filter when they are
invoked from the "ppp.conf" file. So I've relocated the
"set filter alive/dial" rules to the "ppp.linkup" file.

It's over. Thanks.

Best regards,
Illia.
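
Added example (not part of the original message and not code from ppp itself): a Python check that parses "set filter" lines using the syntax quoted in the reply above and reports, for each "alive" rule, whether its timeout comes from the rule itself or from the "set timeout" fallback that the reply describes. The function names, the three-protocol subset and rule 14 are assumptions made for illustration; the check does not model how ppp resolves MYADDR.

```python
PROTOS, FLAGS = {"tcp", "udp", "icmp"}, {"estab", "syn", "finrst"}  # PROTOS: assumed subset

def parse_filter_rule(line):
    """Parse one 'set filter' line using the syntax quoted from ppp(8); None if not a rule."""
    tok = line.split()
    if len(tok) < 5 or tok[:2] != ["set", "filter"] or not tok[3].isdigit():
        return None
    rule = {"name": tok[2], "no": int(tok[3]), "action": tok[4], "negate": False,
            "addrs": [], "proto": None, "ports": {}, "flags": [], "timeout": None}
    rest = tok[5:]
    if rest[:1] == ["!"]:
        rule["negate"], rest = True, rest[1:]
    i = 0
    while i < len(rest) and rest[i] not in PROTOS:   # [host] src_addr [dst_addr]
        i += 1
    rule["addrs"] = [a for a in rest[:i] if a != "host"]
    if i < len(rest):
        rule["proto"], i = rest[i], i + 1
    while i < len(rest):
        t = rest[i]
        if t in ("src", "dst") and i + 2 < len(rest):   # src|dst cmp port
            rule["ports"][t], i = (rest[i + 1], rest[i + 2]), i + 3
        elif t == "timeout" and i + 1 < len(rest):
            rule["timeout"], i = int(rest[i + 1]), i + 2
        elif t in FLAGS:
            rule["flags"], i = rule["flags"] + [t], i + 1
        else:
            raise ValueError(f"unexpected token {t!r} in: {line.strip()}")
    return rule

def effective_timeouts(conf, name="alive", default=180):
    """Rule number -> (seconds, origin) for one filter, using the fallback the reply describes."""
    idle, rules = default, {}
    for line in conf.splitlines():
        tok = line.split()
        if tok[:2] == ["set", "timeout"] and len(tok) > 2:
            idle = int(tok[2])           # first argument is the idle timeout
        r = parse_filter_rule(line)
        if r and r["name"] == name:
            rules[r["no"]] = r["timeout"]
    return {n: (t, "rule") if t is not None else (idle, "fallback") for n, t in rules.items()}

# Rules 0 and 12 are from the post; rule 14 and its 600 s value are constructed.
SAMPLE = """isp:
 set timeout 180 180
 set filter alive 0 permit 0 MYADDR tcp dst eq 25
 set filter alive 12 permit 0 MYADDR tcp dst eq 22
 set filter alive 14 permit 0 MYADDR tcp dst eq 22 timeout 600
"""
```

Calling effective_timeouts(SAMPLE) shows rules 0 and 12 falling back to the 180-second idle timer while the constructed rule 14 carries its own value.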