Date: Tue, 30 Mar 1999 17:24:34 +1200 (NZST)
From: Jonathan Chen
To: "James A. Mutter"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: userland ppp and the keepalive filter.

On Mon, 29 Mar 1999, James A. Mutter wrote:
> # This doesn't work - seems to deny _everything_ from the keepalive
> # filter.
> #set filter alive 0 deny tcp src eq 123 dst eq 123
> #set filter alive 1 deny udp src eq 123 dst eq 123
>
> # set filter alive 0 deny udp src eq 123
> # set filter alive 1 deny tcp src eq 123
> # set filter alive 2 deny udp dst eq 123
> # set filter alive 3 deny tcp dst eq 123
>
> set log local phase
>
> As you can see, everything regarding the filter is commented out now.
> When it was uncommented, that configuration seemed to deny
> _everything_ from the keepalive filter. The system would disconnect
> after the 'timeout' period of 900 seconds.

Whenever you define a ruleset, there's an implicit default filter of:

	set filter alive lastrule+1 deny 0 0

i.e. deny everything not already permitted. You need to add

	set filter alive lastrule+1 permit 0 0

Cheers.
Jonathan Chen
--------------------------------------------------------------------
Contrary to popular belief, penguins are not the salvation of modern
technology. Neither do they throw parties for the urban proletariat.
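
The default-deny behaviour described in the reply, as an added example that is not part of the original message: a simplified Python model of first-match rule evaluation over the rule set from the question. Rule number 4 standing in for lastrule+1, the function names and the sample packets are assumptions made for illustration.

```python
import re

# Simplified model (an assumption): rules are tried in ascending rule number,
# the first match decides, and addresses are not modelled.
RULE = re.compile(r"set filter alive (\d+) (permit|deny)"
                  r"(?: (tcp|udp)(?: src eq (\d+))?(?: dst eq (\d+))?| 0 0)$")

def parse(config):
    """Return (rule_no, action, proto, sport, dport) for each active line."""
    rules = []
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError("unsupported rule: " + line)
        no, action, proto, sport, dport = m.groups()
        rules.append((int(no), action, proto,
                      sport and int(sport), dport and int(dport)))
    return sorted(rules, key=lambda r: r[0])

def keeps_alive(rules, proto, sport, dport):
    """True if the packet is permitted and so resets the idle timer."""
    if not rules:
        return True  # no rule set defined: nothing is filtered
    for _, action, r_proto, r_sport, r_dport in rules:
        if r_proto not in (None, proto):
            continue
        if r_sport not in (None, sport) or r_dport not in (None, dport):
            continue
        return action == "permit"
    return False  # implicit "deny 0 0" after the last rule

# The rule set from the question, uncommented, and the same set with the fix.
ORIGINAL = """\
set filter alive 0 deny udp src eq 123
set filter alive 1 deny tcp src eq 123
set filter alive 2 deny udp dst eq 123
set filter alive 3 deny tcp dst eq 123
"""
FIXED = ORIGINAL + "set filter alive 4 permit 0 0\n"
# Constructed sample packets (proto, src port, dst port): NTP, telnet, DNS.
PACKETS = [("udp", 123, 123), ("tcp", 1025, 23), ("udp", 1030, 53)]

def verdicts(config):
    return [keeps_alive(parse(config), *p) for p in PACKETS]

if __name__ == "__main__":
    print("original:", verdicts(ORIGINAL), "fixed:", verdicts(FIXED))
```

With the original set no packet counts as activity, so the link idles out at the timeout; with the trailing permit only port 123 traffic is ignored.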