Date: Tue, 28 Oct 1997 10:58:51 +0200 (EET)
From: "Pseudo-user collecting FreeBSD mailing lists."
To: Michael Ryan
cc: FreeBSD Support
Subject: Re: dfilter in iijppp
Sender: owner-freebsd-questions@FreeBSD.ORG

Hi,

On Mon, 27 Oct 1997, Michael Ryan wrote:

> Hi Folks,
>
> I have set up iijppp for dial-on-demand. It's working great.
> Now, I want to install dfilter rules to determine what brings
> up the link.
>
> I want -only- http traffic (dst port = 80) to bring up the link.
> I'm using Squid as a proxy http cache.
>
> But, the first thing Squid will do is try to resolve the hostname
> into an IP address using DNS.
>
> Therefore, I would also have to allow DNS traffic to activate the
> link, or Squid will fail, saying it can't resolve the hostname.
> But, once I do this, then just about every service will cause the
> link to come up, e.g. both sendmail and ping will try to resolve
> hostnames as well.
From /usr/local/squid/etc/squid.conf:
"If you want to disable DNS tests, do not comment out or delete this list. Instead use the -D command line option"

It works for me.

>
> Is there any way in practice to implement intelligent dfilter
> rule sets. It seems to me that enabling DNS to activate the link
> (as seems to be required to get Squid to work) will implicitly
> allow any service to activate the link...
>
> Bye,
> Mike
>
> ---

Regards,
Igor.
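The concern raised in the quoted question, as an added example that is not part of the original thread and not iijppp code: a simplified, hypothetical model of a first-match dial filter, showing that a rule keyed on protocol and destination port cannot tell which local program sent a DNS query. The rule and packet structures, the default-deny behaviour and the sample traffic are assumptions of this model.

```python
# Added illustration: a simplified, hypothetical dial-filter model.
# It does not use iijppp's rule syntax; all names here are made up.
from collections import namedtuple

# 'sender' is kept only for reporting; the filter never sees it.
Packet = namedtuple("Packet", "sender proto dport")
Rule = namedtuple("Rule", "action proto dport")


def dials(rules, pkt):
    """Return True if pkt would bring the link up.

    First matching rule wins; no match means deny (model assumption).
    Matching uses protocol and destination port only.
    """
    for rule in rules:
        if rule.proto == pkt.proto and rule.dport == pkt.dport:
            return rule.action == "permit"
    return False


def triggers(rules, packets):
    """Sorted names of local programs whose traffic would dial the link."""
    return sorted({p.sender for p in packets if dials(rules, p)})


HTTP_ONLY = [Rule("permit", "tcp", 80)]
HTTP_AND_DNS = HTTP_ONLY + [Rule("permit", "udp", 53)]

# Constructed sample traffic: each program resolves a name, then connects.
TRAFFIC = [
    Packet("squid", "udp", 53),
    Packet("squid", "tcp", 80),
    Packet("sendmail", "udp", 53),
    Packet("sendmail", "tcp", 25),
    Packet("ping", "udp", 53),
    Packet("ping", "icmp", None),
]

if __name__ == "__main__":
    print("http only    :", triggers(HTTP_ONLY, TRAFFIC))
    print("http plus dns:", triggers(HTTP_AND_DNS, TRAFFIC))
```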