Date:      Thu, 5 Jul 2001 11:13:06 +1000
From:      "Haikal Saadh" <wyldephyre2@yahoo.com>
To:        <cjclark@alum.mit.edu>, "parv" <parv_@yahoo.com>
Cc:        <questions@FreeBSD.ORG>
Subject:   RE: ipf -y 'ing using user ppp
Message-ID:  <PAELLGOEIMDLEJNEBOBOGEJPCBAA.wyldephyre2@yahoo.com>
In-Reply-To: <20010704012400.H1476@blossom.cjclark.org>



> -----Original Message-----
> From: Crist J. Clark [mailto:cristjc@earthlink.net]
> Sent: Wednesday, 4 July 2001 6:24 PM
> To: parv
> Cc: Haikal Saadh; questions@FreeBSD.ORG
> Subject: Re: ipf -y 'ing using user ppp
>
>
> On Wed, Jul 04, 2001 at 03:22:41AM -0400, parv wrote:
> > so, Haikal Saadh shared this in my lifetime...
> > >
> > > Hi all,
> > > I've come to understand that every time I dial up using user ppp, I need to
> > > resync the filter rules using 'ipf -y'. Now, my problem is, every time[1] I
> > > dial up, I have to ipf -y manually myself. I would put a line in ppp.linkup,
> > > but the thing is, ppp.linkup gets run with the privileges of the user who
> > > just invoked ppp, and as I have non-root users dialing out, it does not
> > > work.
> > >
> > > Can anyone tell me how to automatically ipf -y when the ppp link goes up?
> > > Especially when invoked by non-root users?
>
> Err... man 8 ipf,
>
>        -y     (SOLARIS 2  ONLY)  Manually  resync  the  in-kernel
>               interface  list  maintained  by  IP Filter with the
>               current interface status list.
>
> Note the "SOLARIS 2 ONLY?" I've never had to use '-y,' but I do have a
> similar problem. Or do I have a different manpage?
>
> I do not start ppp(8) at boot, but I do start ipf(8). The tun(4)
> interface does not exist until ppp(8) conjures it up, so I cannot load
> useful ipf(8) and ipnat(8) rules until I start ppp(8). I have the same
> issue with ppp.linkup and not running ppp(8) as root.
>
> That said, once I run ppp(8) once, I can bring the tun(4) interface up
> and down as much as I wish and I never need to touch ipf(8) or
> ipnat(8) again. No need for the '-y' option.
> --
> Crist J. Clark                           cjclark@alum.mit.edu


When I dial up, the server itself is able to access the net, but none of the
boxes behind it can until I ipf -y. Oddly enough, I only need to do it the
first time after a reboot. After that, it chugs along happily until the next
reboot.

Cheers.

