Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 25 Jun 1995 06:30:54 -0400
From:      Gene Stark <gene@starkhome.cs.sunysb.edu>
To:        "Jordan K. Hubbard" <freebsd.org!jkh@sbstark.cs.sunysb.edu>
Cc:        hackers@freebsd.org
Subject:   Anyone else see this with ijppp?
Message-ID:  <199506251030.GAA04989@starkhome.cs.sunysb.edu>
In-Reply-To: "Jordan K. Hubbard"'s message of Sat, 24 Jun 1995 20:53:21 %2B0100
References:  <3sic2k$2na@starkhome.cs.sunysb.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
>   Oh, and on the subject of ppp dialing up and staying up for hours, yes
>   I've set a timeout and yes I've put in a filter for dialing that blocks
>   pings and yes I've set `hosts' before `bind' in my /etc/host.conf so
>   that simple DNS queries don't trigger it.  And it still does it.. :-)

I don't see this problem.  I did have a little trouble with DNS and ntp
at first.  Below are the filters I am using.

The only real problem I have with it is the automatic 30 second redial
if a call fails.  As I mentioned in mail to the author and maintainer,
there should be a configurable backoff on this so you don't get socked
with charges for a kazillion calls (mine cost $0.10/ea.) if an unattended
machine goes beserk because the other end is inaccessible for some reason.

								- Gene

#       
# Don't keep Alive with ICMP, DNS, RIP, and NTP packet
#
 set afilter 0 deny icmp
 set afilter 1 deny udp src eq 53
 set afilter 2 deny udp dst eq 53
 set afilter 3 deny udp src eq 520
 set afilter 4 deny udp dst eq 520
 set afilter 5 deny udp src eq 123
 set afilter 6 deny udp dst eq 123
 set afilter 7 permit 0/0 0/0
#
# Don't dial with ICMP, DNS, RIP, NTP packet
#
 set dfilter 0 deny icmp
 set dfilter 1 deny udp src eq 53
 set dfilter 2 deny udp dst eq 53
# include DNS zone transfer request via TCP
 set dfilter 3 deny tcp src eq 53
 set dfilter 4 deny tcp dst eq 53
 set dfilter 5 deny udp src eq 520
 set dfilter 6 deny udp dst eq 520
 set dfilter 7 deny udp src eq 123
 set dfilter 8 deny udp dst eq 123
 set dfilter 9 permit 0/0 0/0

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506251030.GAA04989>