From owner-freebsd-current Tue Jun 27 11:26:18 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA27163 for current-outgoing; Tue, 27 Jun 1995 11:26:18 -0700 Received: from freebsd.netcraft.co.uk (lambda.demon.co.uk [158.152.17.124]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA27157 ; Tue, 27 Jun 1995 11:26:12 -0700 Received: (from paul@localhost) by freebsd.netcraft.co.uk (8.6.11/8.6.9) id RAA01451; Tue, 27 Jun 1995 17:40:58 +0100 From: Paul Richards Message-Id: <199506271640.RAA01451@freebsd.netcraft.co.uk> Subject: Re: ipfw - addf reject = panic To: imb@scgt.oz.au (michael butler) Date: Tue, 27 Jun 1995 17:40:58 +0100 (BST) Cc: paul@freebsd.org, current@freebsd.org In-Reply-To: <199506271610.CAA11019@asstdc.scgt.oz.au> from "michael butler" at Jun 28, 95 02:10:38 am Reply-to: paul@freebsd.org X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Content-Length: 946 Sender: current-owner@freebsd.org Precedence: bulk In reply to michael butler who said > > Paul Richards writes: > > > The ipfw code works for me fine but using user-space PPP. I suspect > > that it is the kernel PPP code that is falling over rather than > > anything else since it was flakey in 2.0 and has since been largely > > ignored since everyones switched. > > Different code .. user-mode PPP has its own internal filter functions > executed at context-switch intervals along with the rest of the protocol. > It also currently has no facility to return ICMP unreachable indications, Ehh? I'm using ipfw, the kernel firewall code, not the user-mode PPP filtering code. I think the layering is (is this right?) modem <-> user PPP <-> tun <-> IP layer <-> ipfw <-> TCP so ipfw is always common. -- Paul Richards, Bluebird Computer Systems. FreeBSD core team member. Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul Phone: 0370 462071 (Mobile), +44 1222 457651 (home)