ppp filtering troubles
a person
a at newchem.ru
Tue Dec 21 07:14:38 PST 2004
Hello Frank,
Tuesday, December 21, 2004, 10:53:21 AM, you wrote:
>> I have in ppp.conf:
>> isp:
>> set timeout 180 180
>>
>> Adding the next rules to isp: section:
>> set filter alive 0 permit 0 MYADDR tcp dst eq 25
>> set filter alive 1 permit MYADDR 0 tcp src eq 25
>> set filter alive 2 permit MYADDR 0 tcp dst eq 25
>> set filter alive 3 permit 0 MYADDR tcp src eq 25
>> set filter alive 12 permit 0 MYADDR tcp dst eq 22
>> set filter alive 13 permit MYADDR 0 tcp src eq 22
>> Despite these rules, connections are cut off after the 3 minutes.
>>
>> What is the best way to reset timers only for 22 and 25 ports?
>> 4.10-STABLE.
FS> ppp(8) (4.11-PRERELEASE):
FS> #-->>
FS> A filter definition has the following syntax:
FS> set filter name rule-no action [!] [[host] src_addr[/width]
FS> [dst_addr[/width]]] [proto [src cmp port] [dst cmp port] [estab]
FS> [syn] [finrst] [timeout secs]]
FS> #--<
FS> ie. in your filter rules you've set the port but not the timeout. If
FS> no timeout is set for each filter rule then they will default to the
FS> timeout given by "set timeout" or 180s if it's not set.
FS> I'm not sure what you're doing but an alternative might be to call a
FS> script from ppp.linkup which adds or deletes firewall rules after a
FS> sleep(1)
What I am doing is that I wish to clear the timeouts which the "set timeout"
command sets. As I've understood, using the "MYADDR" keyword prevents
correct processing of the "set filter" rules by the "alive" filter when
they are invoked from the "ppp.conf" file. So I've relocated the "set
filter alive/dial" rules to the "ppp.linkup" file.
It's over.
Thanks.
Best regards, Illia.