From owner-freebsd-questions Mon Oct 27 05:11:51 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id FAA18836 for questions-outgoing; Mon, 27 Oct 1997 05:11:51 -0800 (PST) (envelope-from owner-freebsd-questions) Received: from sam.networx.ie (ts11-04.dublin.indigo.ie [194.125.148.193]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id FAA18819 for ; Mon, 27 Oct 1997 05:11:45 -0800 (PST) (envelope-from mike@NetworX.ie) Received: from mike (mike.networx.ie [194.9.12.33]) by sam.networx.ie (8.8.5/8.8.5) with SMTP id NAA00551 for ; Mon, 27 Oct 1997 13:12:08 GMT X-Organisation: I.T. NetworX Ltd X-Business: Network Consultancy and Training X-Address: 67 Merrion Square, Dublin 2, Ireland X-Voice: +353-1-676-8866 X-Fax: +353-1-676-8868 Date: Mon, 27 Oct 1997 13:11:09 GMT From: Michael Ryan Reply-To: mike@NetworX.ie Subject: dfilter in iijppp To: FreeBSD Support Message-ID: Priority: Normal MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Sender: owner-freebsd-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi Folks, I have set up iijppp for dial-on-demand. It's working great. Now, I want to install dfilter rules to determine what brings up the link. I want -only- http traffic (dst port = 80) to bring up the link. I'm using Squid as a proxy http cache. But, the first thing Squid will do is try to resolve the hostname into an IP address using DNS. Therefore, I would also have to allow DNS traffic to activate the link, or Squid will fail, saying it can't resolve the hostname. But, once I do this, then just about every service will cause the link to come up, e.g. both sendmail and ping will try to resolve hostnames as well. Is there any way in practise to implement intelligent dfilter rule sets. It seems to me that enabling DNS to activeate the link (as seems to be required to get Squid to work) will implicitely allow any service to activate the link... Bye, Mike ---