From owner-freebsd-current Sun Sep 21 11:17:07 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id LAA10793
    for current-outgoing; Sun, 21 Sep 1997 11:17:07 -0700 (PDT)
Received: from watcher.isl.net (ppp-51.isl.net [199.3.25.100])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA10786
    for ; Sun, 21 Sep 1997 11:17:01 -0700 (PDT)
Received: (from ortmann@localhost)
    by watcher.isl.net (8.8.7/8.8.5) id NAA05205;
    Sun, 21 Sep 1997 13:10:56 -0500 (CDT)
From: Daniel Ortmann
Message-Id: <199709211810.NAA05205@watcher.isl.net>
Subject: Re: Problems with -current ppp
To: dmaddox@scsn.net
Date: Sun, 21 Sep 1997 13:10:54 -0500 (CDT)
Cc: jkh@time.cdrom.com, current@FreeBSD.ORG
In-Reply-To: <19970921110054.48267@scsn.net> from "Donald J. Maddox" at "Sep 21, 97 11:00:54 am"
X-Mailer: ELM [version 2.4ME+ PL17 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

...

> Seriously, I understand the need for security in ppp, and I would
> rather have it securable even if it means a little inconvenience
> (like having to type a password). However, since the window of
> insecurity is so small in this case, if I can trade security for
> convenience, I will.

> This is not an appeal to have ppp's security enhancements reverted.
> Clearly, making ppp more secure is a Good Thing.

Would there be any value in (or method for) a generalized mechanism
tying the ipfw stuff into ppp and pppd? Perhaps a more dynamic
mechanism encapsulating stuff now done in rc.firewall? (I suppose this
is what ipfw.scripts was intended for?)

Currently I spawn a while(1){ifconfig ppp0; sleep...} loop to set up
ipfw. Icky, but it works.

--
Daniel Ortmann           507.288.7732 (h)   ortmann@isl.net
2414 30 av NW, #D        507.253.6795 (w)   ortmann@vnet.ibm.com
Rochester, MN 55901      "PERL: The Swiss Army Chainsaw"
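
The polling workaround mentioned in the message above, as an added example that is not part of the original post and not the poster's own script: it watches the interface with `ifconfig`, and when the local address changes it replaces a small set of address-specific `ipfw` rules. The rule numbers, the three rules themselves, and the names `IFACE`, `RULE_BASE` and `POLL_SECS` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): keep address-specific ipfw
# rules in step with a PPP link by polling ifconfig.
# IFACE, RULE_BASE, POLL_SECS and the three rules are illustrative assumptions.
IFACE="${IFACE:-ppp0}"
RULE_BASE="${RULE_BASE:-2000}"

# Read `ifconfig` output on stdin; print the local address only if the
# interface is flagged UP and the address is a plain dotted quad. The format
# check matters because the value is later placed into generated commands.
ppp_local_addr() {
    awk '
        NR == 1 && !/[<,]UP[,>]/ { exit }
        $1 == "inet" && $3 == "-->" &&
            $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2; exit }
    '
}

# Print the ipfw commands for local address $1. An empty $1 means the link
# is down: the old rules are deleted and nothing is added.
ipfw_cmds() {
    addr="$1"
    for n in 0 10 20; do
        echo "ipfw -q delete $((RULE_BASE + n)) 2>/dev/null || true"
    done
    [ -n "$addr" ] || return 0
    # Drop inbound packets that claim our own address as their source.
    echo "ipfw -q add $((RULE_BASE)) deny ip from $addr to any in via $IFACE"
    echo "ipfw -q add $((RULE_BASE + 10)) allow ip from $addr to any out via $IFACE"
    echo "ipfw -q add $((RULE_BASE + 20)) allow tcp from any to $addr in via $IFACE established"
}

# Poll the interface and apply the rules only when the address changes.
watch_link() {
    prev=""
    while :; do
        cur=$(ifconfig "$IFACE" 2>/dev/null | ppp_local_addr)
        if [ "$cur" != "$prev" ]; then
            ipfw_cmds "$cur" | sh
            prev="$cur"
        fi
        sleep "${POLL_SECS:-5}"
    done
}

# Start the loop only when asked to: sh thisfile.sh watch (as root).
if [ "${1:-}" = "watch" ]; then watch_link; fi
```

Between a link coming up and the next poll, the interface carries traffic without the address-specific rules, which is the window a hook run by ppp itself at link-up would close.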