From owner-freebsd-questions@FreeBSD.ORG Sun Aug 27 01:00:00 2006
Date: Sun, 27 Aug 2006 03:59:22 +0300
From: Giorgos Keramidas
To: "J.D. Bronson"
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfilter on 6.1
Message-ID: <20060827005922.GB4853@gothmog.pc>
In-Reply-To: <7.0.1.0.2.20060826194439.01973050@sixcompanies.com>

On 2006-08-26 19:46, "J.D. Bronson" wrote:
> Ok guys...now that I have ipfilter working...I need to run a few
> commands in /etc/ppp/ppp.linkup and can't figure out the syntax...
>
> % cat /etc/ppp/ppp.linkup
>
> # It is no longer necessary to re-add the default route here as our
> MYADDR:
>
> ! sh -c "/sbin/ipnat -CF -f /etc/ipnat.conf"
> ! sh -c "/sbin/ipf -F -f /etc/ipf.conf"
> ! sh -c "/sbin/ipf -Fa -f /etc/ipf.conf"
> ! sh -c "/sbin/ipf -y"

Watch out for that empty line, if it is *REALLY* part of your
`ppp.linkup' script. Empty lines are section delimiters in ppp(8)
config files. There is also no reason to run ipf _twice_!

Please also note that I don't use "sh -c" to signal ntpd to start/stop
from my ppp.linkup script and it all works fine:

root@gothmog:/root# cat -n /etc/ppp/ppp.linkup
     1  MYADDR:
     2  ! /etc/rc.d/ntpd start
root@gothmog:/root#

Maybe the whole sh -c and quoting stuff you are using is not really
passed down to sh(1) but is parsed by ppp(8) when `ppp.linkup' is read?

I am also not sure if it is a good idea to run ``ipnat -CF'' or
``ipf -Fa''. What about states of existing connections? If you
momentarily lose the PPP connection, but it then comes up pretty fast,
you are effectively dropping all previous connection information here,
even though it may still be valid and useful.

I'd go for the simpler syntax of:

MYADDR:
! /sbin/ipf -y
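Added example, not part of the thread: a small sh/awk check that reads a ppp.linkup-style file the way the reply describes it (a label line opens a section, an empty line ends it, "!" lines are shell commands) and reports which label each command actually belongs to, so a blank line slipped between MYADDR: and its commands shows up as orphaned commands that no link-up event will run. The two samples are constructed after the quoted file and the suggested fix; treating "#" lines as comments is an assumption about the format.

```shell
#!/bin/sh
# Constructed sample modelled on the quoted ppp.linkup: the blank line after
# the MYADDR: label is the pitfall the reply warns about.
SAMPLE_BROKEN='# re-adding the default route is no longer needed here
MYADDR:

! sh -c "/sbin/ipnat -CF -f /etc/ipnat.conf"
! sh -c "/sbin/ipf -y"'

# Constructed sample of the simpler form suggested in the reply (no blank line).
SAMPLE_FIXED='MYADDR:
! /sbin/ipf -y'

# Read a ppp.linkup-style file on stdin and print one "LABEL<TAB>command"
# line per "!" line. An empty line ends the current section (as in ppp(8)
# config files), so a command that follows one is reported under "ORPHAN".
# Skipping "#" lines as comments is an assumption about the format.
linkup_commands() {
    awk '
        /^[[:space:]]*$/ { label = ""; next }              # section delimiter
        /^[[:space:]]*#/ { next }                          # comment (assumed)
        /^[A-Za-z0-9_.-]+:[[:space:]]*$/ { sub(/:.*$/, ""); label = $0; next }
        /^[[:space:]]*!/ {
            sub(/^[[:space:]]*![[:space:]]*/, "")
            printf "%s\t%s\n", (label == "" ? "ORPHAN" : label), $0
        }
    '
}

# Number of "!" commands that belong to no label; 0 means every command
# will actually run when its label's link-up event fires.
linkup_orphan_count() {
    linkup_commands | grep -c '^ORPHAN' || true
}

printf '%s\n' "$SAMPLE_BROKEN" | linkup_commands
echo "orphans in broken sample: $(printf '%s\n' "$SAMPLE_BROKEN" | linkup_orphan_count)"
echo "orphans in fixed sample:  $(printf '%s\n' "$SAMPLE_FIXED" | linkup_orphan_count)"
```

Pipe a real /etc/ppp/ppp.linkup into `linkup_orphan_count` to check it before relying on it; a non-zero count means a section delimiter has split the commands from their label.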