From owner-freebsd-stable Wed Jul 11 2:37:30 2001 Delivered-To: freebsd-stable@freebsd.org Received: from femail19.sdc1.sfba.home.com (femail19.sdc1.sfba.home.com [24.0.95.128]) by hub.freebsd.org (Postfix) with ESMTP id 7271737B401 for ; Wed, 11 Jul 2001 02:37:27 -0700 (PDT) (envelope-from ciscogeek@home.com) Received: from home.com ([24.56.15.78]) by femail19.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010711093726.FFUT9702.femail19.sdc1.sfba.home.com@home.com>; Wed, 11 Jul 2001 02:37:26 -0700 Message-ID: <3B4C1E5B.80275FD2@home.com> Date: Wed, 11 Jul 2001 02:37:31 -0700 From: Janet Sullivan X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Haikal Saadh , freebsd-stable@freebsd.org Subject: Re: ipf and tun References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG You can edit /etc/rc.network and move the entire user ppp section of the script right before the ipf section. Then ipf -y'ing won't be necessary. It worked for me for several months - after editing rc.network I just rebooted and from then on I didn't have to manually do anything with ipf to make it work with userland ppp. Of course, if you upgrade to a newer rc.network file while tracking -STABLE, you'll have to edit the file again. YMMV. Haikal Saadh wrote: > > I've noticed that this has been tossed around the lists for fair while, but > no one has actually come up with a solution :(. I've a similar problem, but > the thing with ip -y'ing in ppp.linkup is that it executes the commands in > ppp.linkup as the user who invoked ppp, and ipf -y needs to be done as root > (according to the manpage, and yes, non rot user can't ipf -y). > > Is their anything else that can be done? > > > -----Original Message----- > > From: owner-freebsd-stable@FreeBSD.ORG > > [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Michel TALON > > Sent: Monday, 9 July 2001 11:13 PM > > To: freebsd-stable@FreeBSD.ORG > > Subject: ipf and tun > > > > > > Hello, > > > > I have a little problem which has already caused trouble to me. > > When my machine boots it runs > > ipf -f /etc/ipf.rules > > These rules allow packets coming from tun0 to get state (my > > home machine is at the other end of the line). > > However ppp has still not been fired, so the next time i connect > > with ppp i can get at the machine but not from here surf the web. > > Running > > ipf -Fa -f/etc/ipf.rules > > fixes the problem, but is highly unpractical. > > > > So it seems that ipf applies rules only for the configured interfaces. > > Do you think that putting > > ! ipf -y > > in /etc/ppp/ppp.linkup > > would solve the problem? > > > > Of course i can try but risk been locked out! > > > > -- > > > > Michel TALON > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-stable" in the body of the message > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message