From: "Crist J. Clark"
Reply-To: cjclark@alum.mit.edu
To: parv
Cc: Haikal Saadh, questions@FreeBSD.ORG
Date: Wed, 4 Jul 2001 01:24:00 -0700
Subject: Re: ipf -y 'ing using user ppp
Message-ID: <20010704012400.H1476@blossom.cjclark.org>

On Wed, Jul 04, 2001 at 03:22:41AM -0400, parv wrote:
> so, Haikal Saadh shared this in my lifetime...
> >
> > Hi all,
> > I've come to understand that every time I dial up using user ppp, I need to
> > resync the filter rules using 'ipf -y'. Now, my problem is, every time[1] I
> > dial up, I have to ipf -y manually myself. I would put a line in ppp.linkup,
> > but the thing is, ppp.linkup gets run with the privileges of the user who
> > just invoked ppp, and as I have non-root users dialing out, it does not
> > work.
> >
> > Can anyone tell me how to automatically ipf -y when the ppp link goes up?
> > Especially when invoked by non-root users?

Err... man 8 ipf,

     -y      (SOLARIS 2 ONLY) Manually resync the in-kernel interface list
             maintained by IP Filter with the current interface status list.

Note the "SOLARIS 2 ONLY?" I've never had to use '-y,' but I do have a
similar problem. Or do I have a different manpage?

I do not start ppp(8) at boot, but I do start ipf(8). The tun(4)
interface does not exist until ppp(8) conjures it up, so I cannot load
useful ipf(8) and ipnat(8) rules until I start ppp(8). I have the same
issue with ppp.linkup and not running ppp(8) as root.

That said, once I run ppp(8) once, I can bring the tun(4) interface up
and down as much as I wish and I never need to touch ipf(8) or
ipnat(8) again. No need for the '-y' option.
-- 
Crist J. Clark                           cjclark@alum.mit.edu