Date: Tue, 30 Mar 1999 17:24:34 +1200 (NZST) From: Jonathan Chen <jonc@pinnacle.co.nz> To: "James A. Mutter" <jmutter@netwalk.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: userland ppp and the keepalive filter. Message-ID: <Pine.SC5.4.10.9903301719510.26579-100000@kiwi.pinnacle.co.nz> In-Reply-To: <Pine.BSF.4.05.9903292342560.706-100000@insomnia.local.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 29 Mar 1999, James A. Mutter wrote:
> # This doesn't work - seems to deny _everything_ from the keepalive
> # filter.
> #set filter alive 0 deny tcp src eq 123 dst eq 123
> #set filter alive 1 deny udp src eq 123 dst eq 123
>
> # set filter alive 0 deny udp src eq 123
> # set filter alive 1 deny tcp src eq 123
> # set filter alive 2 deny udp dst eq 123
> # set filter alive 3 deny tcp dst eq 123
>
> set log local phase
>
> As you can see, everything regarding the filter is commented out now.
> When it was uncommented, that configuration seemed to deny
> _everything_ from the keepalive filter. The system would disconnect
> after the 'timeout' period of 900 seconds.
Whenever you define a ruleset, there's a implicit default filter of:
set filter alive lastrule+1 deny 0 0
ie deny everything not already permitted. You need to add
set filter alive lastrule+1 permit 0 0
Cheers.
Jonathan Chen
--------------------------------------------------------------------
Contrary to popular belief,
penguins are not the salvation of modern technology.
Neither do they throw parties for the urban proletariat.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SC5.4.10.9903301719510.26579-100000>