Date:      Sat, 17 Jul 1999 02:44:11 -0800 (AKDT)
From:      Steve Howe <groggy@iname.com>
To:        freebsd-questions <questions@freebsd.org>
Subject:   ppp filters
Message-ID:  <Pine.BSF.3.96.990717023834.316A-100000@froggy.anchorage.ptialaska.net>


i've been trying to experiment with ppp filters,
but they don't make any apparent difference.
for example, with no other filters, this
default filter "set" does not block
traceroute.  even though it is
commented out.

what am i forgetting to do?

also, most listings in services have
udp/tcp ports.  how do i figure out
if i need udp, tcp, or both?

also, if i create a simple ruleset
for a label in ppp.conf, does that
totally trash all previous rulesets?
like the default label's ruleset for example?

thank you.

default:
 set log chat connect tun command

# DENY ICMP, DNS

 set afilter 0  deny   icmp
 set afilter 1  deny   udp src eq 53
 set afilter 2  deny   udp dst eq 53
 set afilter 3  permit 0/0 0/0

# ALLOW PING

 set ifilter 0  permit icmp
 set ofilter 0  permit icmp

# ALLOW FTP-DATA

 set ifilter 1  permit tcp src eq 20 dst gt 1023
 set ofilter 1  permit tcp dst eq 20

# ALLOW FTP-CONTROL

 set ifilter 2  permit tcp src eq 21 estab
 set ofilter 2  permit tcp dst eq 21

# ALLOW TELNET

 set ifilter 3  permit tcp src eq 23 estab
 set ofilter 3  permit tcp dst eq 23

# ALLOW SMTP

 set ifilter 4  permit tcp src eq 25
 set ofilter 4  permit tcp dst eq 25

# ALLOW WHOIS

 set ifilter 5  permit tcp src eq 43
 set ofilter 5  permit tcp dst eq 43

# ALLOW DNS

 set ifilter 6  permit udp src eq 53
 set ofilter 6  permit udp dst eq 53

# ALLOW POP3

 set ifilter 7  permit tcp src eq 110
 set ofilter 7  permit tcp dst eq 110

# ALLOW IDENT

 set ifilter 8  permit tcp dst eq 113
 set ofilter 8  permit tcp src eq 113

# ALLOW IRC

 set ifilter 9  permit tcp dst eq 194
 set ofilter 9  permit tcp src eq 194

# ALLOW TRACEROUTE

# set ifilter 10 permit udp dst gt 33433
# set ofilter 10 permit udp dst gt 33433


