From: "Pablo Carboni"
Reply-To: gervi@ciudad.com.ar
To: doc@FreeBSD.org
Date: Wed, 18 Aug 2004 13:39:57 -0300
Message-ID: <41235C2D.14650.6648359D@localhost>
Subject: Wrong example in faq for ppp

Dear sir,

While trying to set up ppp filters for my dialup-on-demand link, I found the following at http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/ppp.html (Chapter 14), item 14.17:

set dfilter 1 deny udp src eq 53
set dfilter 2 deny udp dst eq 53
set dfilter 3 permit 0/0 0/0

The example written above doesn't work, at least with FreeBSD v4.2 or greater. (At least, I've tested on 4.2, 4.7, 4.8, 4.9, and 4.10, and looked over the usr/sbin/ppp sources, where it doesn't appear.) In fact, an older version of the README.changes file, which cvs log says is from "Mon Jun 8 20:23:43 1998 UTC", states:

"o Filters are now called `allow', `dial', `in' and `out'. `set ifilter ...' becomes `set filter in ...' etc."

I think the example above should be written as:

 set filter dial 0 deny udp src eq 53
 set filter dial 1 deny udp dst eq 53
 set filter dial 2 permit 0/0 0/0

(Note the space before the 'set' command, and the '0' dial rule.)

It should be noted that ppp filters only work if a 'zero' rule exists for each purpose (dial, alive, in, out). In other words, the 'dial' rule with zero as its starting number is what triggers the rest of the 'dial' filter rules (and brings up the dial-up link).

Btw, the word 'dfilter' also appears at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/userppp.html, 21.2.1.5 'Final System configuration':

"If you do not like this, it is possible to set up a ``dfilter'' to block SMTP traffic. Refer to the sample files for further details"

Pablo Carboni.
[gervi@ciudad.com.ar]
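
The check described in the message above, as an added example that is not part of the original message or of the FreeBSD sources: a small linter that rewrites obsolete `set ?filter` lines to the `set filter NAME` form and makes every filter set start at rule 0. It assumes the input is a single profile section of ppp.conf; the `demand:` label and the `set timeout` line in the sample are constructed, and the `ofilter`/`afilter` mappings are assumptions (the message only shows `ifilter` and `dfilter`).

```python
import re

# Old command -> new filter name. The message shows ifilter -> in and
# dfilter -> dial; ofilter -> out and afilter -> alive are assumed here.
OLD_NAMES = {"ifilter": "in", "ofilter": "out", "dfilter": "dial", "afilter": "alive"}
OLD_RE = re.compile(r"^(\s*)set\s+([adio]filter)\s+(\d+)\s+(.*)$")
NEW_RE = re.compile(r"^(\s*)set\s+filter\s+(\w+)\s+(\d+)\s+(.*)$")


def migrate(conf_text):
    """Return (new_text, warnings) for one ppp.conf profile section."""
    parsed = []      # per line: (indent, name, number, rest) or the raw line
    numbers = {}     # filter name -> set of rule numbers seen
    warnings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        old, new = OLD_RE.match(line), NEW_RE.match(line)
        if old:
            indent, cmd, num, rest = old.groups()
            name = OLD_NAMES[cmd]
            warnings.append(f"line {lineno}: obsolete 'set {cmd}', use 'set filter {name}'")
        elif new:
            indent, name, num, rest = new.groups()
        else:
            parsed.append(line)
            continue
        # Command lines must be indented (the message's "space before 'set'").
        parsed.append((indent or " ", name, int(num), rest))
        numbers.setdefault(name, set()).add(int(num))

    # Renumber each filter set from 0, keeping the original evaluation order.
    remap = {}
    for name, nums in numbers.items():
        if 0 not in nums:
            warnings.append(f"filter '{name}' has no rule 0; renumbering from 0")
        remap[name] = {n: i for i, n in enumerate(sorted(nums))}
    out = [p if isinstance(p, str) else f"{p[0]}set filter {p[1]} {remap[p[1]][p[2]]} {p[3]}"
           for p in parsed]
    return "\n".join(out), warnings


# Constructed sample: the FAQ's old example inside a hypothetical profile.
SAMPLE = """demand:
set dfilter 1 deny udp src eq 53
set dfilter 2 deny udp dst eq 53
set dfilter 3 permit 0/0 0/0
 set timeout 180"""

if __name__ == "__main__":
    print(migrate(SAMPLE)[0])
```

Rules keep their relative order when renumbered, so the filter still evaluates them in the sequence the original file listed.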