Date: Wed, 11 Jul 2001 02:37:31 -0700 From: Janet Sullivan <ciscogeek@home.com> To: Haikal Saadh <wyldephyre2@yahoo.com>, freebsd-stable@freebsd.org Subject: Re: ipf and tun Message-ID: <3B4C1E5B.80275FD2@home.com> References: <PAELLGOEIMDLEJNEBOBOMEFLCCAA.wyldephyre2@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You can edit /etc/rc.network and move the entire user ppp section of the script right before the ipf section. Then ipf -y'ing won't be necessary. It worked for me for several months - after editing rc.network I just rebooted and from then on I didn't have to manually do anything with ipf to make it work with userland ppp. Of course, if you upgrade to a newer rc.network file while tracking -STABLE, you'll have to edit the file again. YMMV. Haikal Saadh wrote: > > I've noticed that this has been tossed around the lists for fair while, but > no one has actually come up with a solution :(. I've a similar problem, but > the thing with ip -y'ing in ppp.linkup is that it executes the commands in > ppp.linkup as the user who invoked ppp, and ipf -y needs to be done as root > (according to the manpage, and yes, non rot user can't ipf -y). > > Is their anything else that can be done? > > > -----Original Message----- > > From: owner-freebsd-stable@FreeBSD.ORG > > [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Michel TALON > > Sent: Monday, 9 July 2001 11:13 PM > > To: freebsd-stable@FreeBSD.ORG > > Subject: ipf and tun > > > > > > Hello, > > > > I have a little problem which has already caused trouble to me. > > When my machine boots it runs > > ipf -f /etc/ipf.rules > > These rules allow packets coming from tun0 to get state (my > > home machine is at the other end of the line). > > However ppp has still not been fired, so the next time i connect > > with ppp i can get at the machine but not from here surf the web. > > Running > > ipf -Fa -f/etc/ipf.rules > > fixes the problem, but is highly unpractical. > > > > So it seems that ipf applies rules only for the configured interfaces. > > Do you think that putting > > ! ipf -y > > in /etc/ppp/ppp.linkup > > would solve the problem? > > > > Of course i can try but risk been locked out! > > > > -- > > > > Michel TALON > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-stable" in the body of the message > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B4C1E5B.80275FD2>