From: "Haikal Saadh"
To: "parv"
Subject: RE: ipf -y 'ing using user ppp
Date: Thu, 5 Jul 2001 11:13:06 +1000
In-Reply-To: <20010704012400.H1476@blossom.cjclark.org>
Sender: owner-freebsd-questions@FreeBSD.ORG

> -----Original Message-----
> From: Crist J. Clark [mailto:cristjc@earthlink.net]
> Sent: Wednesday, 4 July 2001 6:24 PM
> To: parv
> Cc: Haikal Saadh; questions@FreeBSD.ORG
> Subject: Re: ipf -y 'ing using user ppp
>
>
> On Wed, Jul 04, 2001 at 03:22:41AM -0400, parv wrote:
> > so, Haikal Saadh shared this in my lifetime...
> > >
> > > Hi all,
> > > I've come to understand that every time I dial up using user ppp,
> > > I need to resync the filter rules using 'ipf -y'. Now, my problem
> > > is, every time[1] I dial up, I have to ipf -y manually myself. I
> > > would put a line in ppp.linkup, but the thing is, ppp.linkup gets
> > > run with the privileges of the user who just invoked ppp, and as I
> > > have non-root users dialing out, it does not work.
> > >
> > > Can anyone tell me how to automatically ipf -y when the ppp link
> > > goes up? Especially when invoked by non-root users?
>
> Err... man 8 ipf,
>
>      -y     (SOLARIS 2 ONLY) Manually resync the in-kernel
>             interface list maintained by IP Filter with the
>             current interface status list.
>
> Note the "SOLARIS 2 ONLY?" I've never had to use '-y,' but I do have a
> similar problem. Or do I have a different manpage?
>
> I do not start ppp(8) at boot, but I do start ipf(8). The tun(4)
> interface does not exist until ppp(8) conjures it up, so I cannot load
> useful ipf(8) and ipnat(8) rules until I start ppp(8). I have the same
> issue with ppp.linkup and not running ppp(8) as root.
>
> That said, once I run ppp(8) once, I can bring the tun(4) interface up
> and down as much as I wish and I never need to touch ipf(8) or
> ipnat(8) again. No need for the '-y' option.
> --
> Crist J. Clark                           cjclark@alum.mit.edu

When I dial up, the server itself is able to access the net, but none of
the boxes behind it can until I ipf -y. Oddly enough, I only need to do it
the first time after a reboot. After that, it chugs along happily until
the next reboot.

Cheers.