From owner-freebsd-questions Sat Apr 18 15:06:24 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA11818 for freebsd-questions-outgoing; Sat, 18 Apr 1998 15:06:24 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from server4.mpcbbs.com.br (server4.mpc.com.br [200.246.0.252]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA11760 for ; Sat, 18 Apr 1998 22:06:10 GMT (envelope-from capriotti@geocities.com) Received: from hot_nt (node36.mpc.com.br [200.246.0.36]) by server4.mpcbbs.com.br (8.8.6/8.8.6) with SMTP id TAA12153 for ; Sat, 18 Apr 1998 19:05:59 -0300 (EST) Message-Id: <3.0.32.19691231210000.00a22e30@pop.mpc.com.br> X-Sender: capriotti@pop.mpc.com.br X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Sat, 18 Apr 1998 19:05:54 -0300 To: freebsd-questions@FreeBSD.ORG From: Capriotti Subject: PPP filtering Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, all. Calling PPP automatically, at boot up is solved and I intend to make a step-by-step explanation soon. As soon as I can solve this next problem: When I boot the machine, for soome reason, it starts dialing and wants to stabilish a connection, w/o any requisition, aparently. I read the man pages, the ppp.conf.filter.sample, but I couldn't get it to work right. I would apreciate any help. Additionally, I am trying to figure out how to deny access for users whose IP address (in the LAN. Not valid one for the Internet) are : 150.150.150.152 150.150.150.155 to 150.150.150.162 Again, reading the man pages was not all thet clatifying. Where could I find some more examples/texts to understand filtering ? Thank you. [my ppp.conf] default: set device /dev/cuaa1 set speed 115200 disable pred1 deny pred1 disable lqr deny lqr set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0L0 OK-AT-OK \\dATDP\\T TIMEOUT 40 CONNECT" set redial 5 10 set log Phase Chat Connect Carrier hdlc LCP IPCP CCp tun ################# # ################# mp: set phone 2345678 set login "TIMEOUT 15 blablabla" set authname loginname set authkey passwrd set timeout 600 set openmode active set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 # filtering taken from ppp.conf.filter.sample and slighly changed # Don't keep Alive with ICMP,DNS and RIP packets # set afilter 0 deny icmp set afilter 1 deny udp src eq 53 set afilter 2 deny udp dst eq 53 set afilter 3 deny udp src eq 520 set afilter 4 deny udp dst eq 520 set afilter 5 permit 0/0 0/0 # # Don't let ICMP packets cause us to dial # set dfilter 0 deny icmp set dfilter 1 permit 0/0 0/0 # # Allow ident packets to pass through # set ifilter 0 permit tcp dst eq 113 set ofilter 0 permit tcp src eq 113 # # Deny telnet connections to the Internet # set ifilter 1 deny tcp src eq 23 estab set ofilter 1 deny tcp dst eq 23 ########################################## end filtering delete ALL add 0 0 HISADDR # #### To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message