Date:      Wed, 18 Aug 2004 13:39:57 -0300
From:      "Pablo Carboni" <gervi@ciudad.com.ar>
To:        doc@FreeBSD.org
Subject:   Wrong example in faq for ppp
Message-ID:  <41235C2D.14650.6648359D@localhost>

Dear sir,

While trying to set up ppp filters for my dialup-on-demand link, I've found on

http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/ppp.html (Chapter 14),
14.17 item, the following:

set dfilter 1 deny udp src eq 53
set dfilter 2 deny udp dst eq 53
set dfilter 3 permit 0/0 0/0

The example written above doesn't work, at least with FreeBSD v4.2 or greater. (At 
least, I've tested on 4.2, 4.7, 4.8, 4.9, and 4.10, and looked over the usr/sbin/ppp 
sources, where it doesn't appear.) In fact, an older version of the README.changes file, 
for which the cvs log says "Mon Jun 8 20:23:43 1998 UTC", 
states:

"o Filters are now called `allow', `dial', `in' and `out'.  `set
  ifilter ...' becomes `set filter in ...' etc.".

I think the example above should be written as:

 set filter dial 0 deny udp src eq 53
 set filter dial 1 deny udp dst eq 53
 set filter dial 2 permit 0/0 0/0

(Note the space before 'set' command, and the '0' dial rule)

It should be noted that ppp filters only work if a 'zero' rule exists for each purpose 
(dial, alive, in, out).
In other words, the 'dial' rule with zero as its starting number is what triggers the rest 
of the 'dial' filter rules (and does the dial-up link).

Btw, a 'dfilter' word also appears on 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/userppp.html, 
21.2.1.5 'Final System configuration':

"If you do not like this, it is possible to set up a ``dfilter'' to block SMTP 
traffic. Refer to the sample files for further details"

Pablo Carboni.

[gervi@ciudad.com.ar]
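
The following checker is an added example, not part of the original message or of FreeBSD's ppp sources: it flags the obsolete `set dfilter`/`set ifilter` spellings, unindented commands, and filters with no rule 0 (the requirement as the message states it), and rewrites the rules in the `set filter <name> <n>` form. The name `lint_ppp_conf` is hypothetical, and the input is assumed to be the rules of a single ppp.conf label.

```python
import re

# Renames taken from the message: `set dfilter` -> `set filter dial`, and the
# quoted README.changes line `set ifilter` -> `set filter in`.
OLD_TO_NEW = {"dfilter": "dial", "ifilter": "in"}
FILTERS = ("dial", "alive", "in", "out")  # filter names listed in the message
RULE_RE = re.compile(r"^(\s*)set\s+(dfilter|ifilter|filter\s+\w+)\s+(\d+)\s+(.+)$")

def lint_ppp_conf(text):
    """Return (findings, rewritten_text) for the rules of one ppp.conf label."""
    lines, findings, rules = text.splitlines(), [], {}
    for i, line in enumerate(lines):
        m = RULE_RE.match(line)
        if not m:
            continue
        indent, cmd, no, rest = m.groups()
        name = OLD_TO_NEW.get(cmd) or cmd.split()[-1]
        if cmd in OLD_TO_NEW:
            findings.append(f"line {i + 1}: obsolete 'set {cmd}', use 'set filter {name}'")
        elif name not in FILTERS:
            findings.append(f"line {i + 1}: unknown filter '{name}'")
            continue
        if not indent:
            findings.append(f"line {i + 1}: command is not indented")
        rules.setdefault(name, []).append((i, int(no), rest))
    for name, entries in rules.items():
        shift = min(no for _, no, _ in entries)
        if shift:
            findings.append(f"filter '{name}': no rule 0, numbering starts at {shift}")
        for i, no, rest in entries:
            action, _, tail = rest.partition(" ")
            if action.isdigit():  # ppp(8) also accepts a rule number as the action
                action = str(int(action) - shift)
            lines[i] = f" set filter {name} {no - shift} {action} {tail}".rstrip()
    return findings, "\n".join(lines)

# Constructed sample: the FAQ's old example as quoted in the message.
SAMPLE = """\
set dfilter 1 deny udp src eq 53
set dfilter 2 deny udp dst eq 53
set dfilter 3 permit 0/0 0/0
"""

if __name__ == "__main__":
    findings, fixed = lint_ppp_conf(SAMPLE)
    print("\n".join(findings))
    print(fixed)
```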


