ppp filtering troubles

Frank Shute frank at esperance-linux.co.uk
Mon Dec 20 23:54:32 PST 2004


On Mon, Dec 20, 2004 at 06:10:56PM +0300, a person wrote:
>
> Hello freebsd-stable,

Hi Illia,

> 
>   I wish the server, dialing out periodically, throws a connection
>   out only if it has no activities over the SMTP and SSH sessions more
>   than 3 minutes (and 3 minutes minimum for connection duration time).

I'm afraid I can't parse the above sentence :(

> 
>   I have in ppp.conf:
>   isp:
>       set timeout    180 180
> 
>   Adding the next rules to isp: section:
>       set filter     alive 0 permit 0 MYADDR tcp dst eq 25
>       set filter     alive 1 permit MYADDR 0 tcp src eq 25
>       set filter     alive 2 permit MYADDR 0 tcp dst eq 25
>       set filter     alive 3 permit 0 MYADDR tcp src eq 25
>       set filter     alive 12 permit 0 MYADDR tcp dst eq 22
>       set filter     alive 13 permit MYADDR 0 tcp src eq 22
>   despite these rules, connections cut out over the 3 minutes.
> 
>   What is the best way to reset timers only for 22 and 25 ports?
>   4.10-STABLE.

ppp(8) (4.11-PRERELEASE):

#-->

A filter definition has the following syntax:

         set filter name rule-no action [!] [[host] src_addr[/width]
         [dst_addr[/width]]] [proto [src cmp port] [dst cmp port] [estab]
         [syn] [finrst] [timeout secs]]

#--<

i.e. in your filter rules you've set the port but not the timeout. If
no timeout is set for each filter rule then they will default to the
timeout given by "set timeout" or 180s if it's not set.

I'm not sure what you're doing but an alternative might be to call a
script from ppp.linkup which adds or deletes firewall rules after a
sleep(1).

> 
> -- 
> Thanks in advance, Illia Baidakov.
> 

HTH.

-- 

 Frank 

//-------------------------------------------------------------------------//

echo "f r a n k @ e s p e r a n c e - l i n u x . c o . u k" | sed -e 's/ //g'

//------------------------ PGP keyID: 0x10BD6F4 ---------------------------//
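
A checker for the point made in the reply above, as an added example that is not part of the original message or of ppp itself: it reads `set filter` lines in the syntax quoted from ppp(8) and reports which rules carry an explicit `timeout` and which fall back to `set timeout` (or 180s), as the reply describes. The function names and the sample config are constructed for illustration, and the text is treated as a single ppp.conf section.

```python
DEFAULT_IDLE = 180  # fallback named in the reply when "set timeout" is absent

# Constructed sample modelled on the rules quoted in the thread; rule 1 has
# an explicit per-rule timeout added so both cases are visible.
SAMPLE_CONF = """\
isp:
    set timeout 180 180
    set filter alive 0 permit 0 MYADDR tcp dst eq 25
    set filter alive 1 permit MYADDR 0 tcp src eq 25 timeout 600
    set filter alive 12 permit 0 MYADDR tcp dst eq 22
"""

def parse_filter(line):
    """Parse one 'set filter name rule-no action ...' line; None otherwise."""
    tok = line.split()
    if tok[:2] != ["set", "filter"] or len(tok) < 5:
        return None
    rule = {"name": tok[2], "rule_no": int(tok[3]), "action": tok[4],
            "ports": {}, "timeout": None}
    rest, i = tok[5:], 0
    while i < len(rest):
        if rest[i] in ("src", "dst") and i + 2 < len(rest):
            # "[src cmp port]" / "[dst cmp port]" from the quoted syntax
            rule["ports"][rest[i]] = (rest[i + 1], rest[i + 2])
            i += 3
        elif rest[i] == "timeout":
            if i + 1 >= len(rest) or not rest[i + 1].isdigit():
                raise ValueError("timeout needs a number of seconds: " + line)
            rule["timeout"] = int(rest[i + 1])
            i += 2
        else:
            i += 1  # addresses, proto, estab/syn/finrst are not needed here
    return rule

def audit(conf_text):
    """Return (name, rule_no, effective_timeout, explicit) for every rule."""
    idle, rules = DEFAULT_IDLE, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        tok = line.split()
        if tok[:2] == ["set", "timeout"] and len(tok) >= 3:
            idle = int(tok[2])  # first argument is the idle timeout
        rule = parse_filter(line)
        if rule:
            rules.append(rule)
    return [(r["name"], r["rule_no"],
             idle if r["timeout"] is None else r["timeout"],
             r["timeout"] is not None) for r in rules]

if __name__ == "__main__":
    for name, no, secs, explicit in audit(SAMPLE_CONF):
        print(name, no, secs, "explicit" if explicit else "default")
```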