From owner-freebsd-questions@FreeBSD.ORG Sun Jan 4 03:32:13 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3777E16A4CE for ; Sun, 4 Jan 2004 03:32:13 -0800 (PST) Received: from mail.gmx.net (mail.gmx.de [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 6A4AF43D41 for ; Sun, 4 Jan 2004 03:32:11 -0800 (PST) (envelope-from karl.juchen@gmx.de) Received: (qmail 6714 invoked by uid 0); 4 Jan 2004 11:32:10 -0000 Received: from 217.9.26.51 by www52.gmx.net with HTTP; Sun, 4 Jan 2004 12:32:10 +0100 (MET) Date: Sun, 4 Jan 2004 12:32:10 +0100 (MET) From: "Karl Juchen" To: freebsd-questions@freebsd.org MIME-Version: 1.0 References: X-Priority: 3 (Normal) X-Authenticated: #16201734 Message-ID: <11713.1073215930@www52.gmx.net> X-Mailer: WWW-Mail 1.6 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Subject: RE: ppp idle timer X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Jan 2004 11:32:13 -0000 Hi! fbsd_user wrote: > I have been reading this list for 4 years and your post is the first > on any body trying to use 'user ppp' filter rules. > I read about them when I setup my own user ppp dial out to ISP over > voice phone modem, tried to use them, but they have no way to verify > the rules are working, and iirc no logging function. There is a logging facility 'Filter' that allows basic logging, but for my problem that's not very important, I think. I check the idle timer with: set server +3000 mypasswd pppctl 3000 show bundle That's probably not the best solution, but it works. > Here's my advice, you are better off with ipfilter firewall which is > delivered as part of the FBSD core system. IPFW is massive overkill > in most cases. > > More information on IPF can be found here. > http://www.obfuscation.org/ipf/ipf-howto.html#TOC_1 > > http://coombs.anu.edu.au/~avalon/ip-filter.html Thanks, first of all. Of course I do not want to do real packet-filtering with ppp, but just control the idle timer. Example: Somebody sends icmp echo-requests to my box. Even if my box doesn't give any replies, the incoming packets will keep up my dial-on-demand connection. That's what I want to suppress with my ppp filter rules. The problem occurs very frequently with p2p-network requests, that belong to the former owner of my dynamic ip address... I can't imagine I'm the only one, who has such a kind of problem. Unfortunately, I couldn't find out how to control ppp idle timer with IPF, is it really possible? I'm grateful for any solution. Regards, Karl -- +++ GMX - die erste Adresse für Mail, Message, More +++ Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net