Date:      Wed, 4 Jul 2001 01:24:00 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        parv <parv_@yahoo.com>
Cc:        Haikal Saadh <wyldephyre2@yahoo.com>, questions@FreeBSD.ORG
Subject:   Re: ipf -y 'ing using user ppp
Message-ID:  <20010704012400.H1476@blossom.cjclark.org>
In-Reply-To: <20010704032241.A1895@moo.holy.cow>; from parv_@yahoo.com on Wed, Jul 04, 2001 at 03:22:41AM -0400
References:  <PAELLGOEIMDLEJNEBOBOCEIACBAA.wyldephyre2@yahoo.com> <20010704032241.A1895@moo.holy.cow>

On Wed, Jul 04, 2001 at 03:22:41AM -0400, parv wrote:
> so, Haikal Saadh shared this in my lifetime...
> > 
> > Hi all,
> > I've come to understand that every time I dial up using user ppp, I need to
> > resync the filter rules using 'ipf -y'. Now, my problem is, every time[1] I
> > dial up, I have to ipf -y manually myself. I would put a line in ppp.linkup,
> > but the thing is, ppp.linkup gets run with the privileges of the user who
> > just invoked ppp, and as I have non-root users dialing out, it does not
> > work.
> > 
> > Can anyone tell me how to automatically ipf -y when the ppp link goes up?
> > Especially when invoked by non-root users?

Err... man 8 ipf,

       -y     (SOLARIS 2  ONLY)  Manually  resync  the  in-kernel
              interface  list  maintained  by  IP Filter with the
              current interface status list.

Note the "SOLARIS 2 ONLY"? I've never had to use '-y,' but I do have a
similar problem. Or do I have a different manpage?

I do not start ppp(8) at boot, but I do start ipf(8). The tun(4)
interface does not exist until ppp(8) conjures it up, so I cannot load
useful ipf(8) and ipnat(8) rules until I start ppp(8). I have the same
issue with ppp.linkup and not running ppp(8) as root.

That said, once I run ppp(8) once, I can bring the tun(4) interface up
and down as much as I wish and I never need to touch ipf(8) or
ipnat(8) again. No need for the '-y' option.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
