HardenedBSD/etc/ppp/ppp.conf.filter.sample
Atsushi Murai 53c9f6c0c4 New user Process PPP based on iij-ppp0.94beta2.
o Supporting SYNC SIO device (But need a device driver)
     - add "set speed sync"
   o Fixing bug for Predictor-1 function.
   o Add new parameter that re-sent interval for set timeout commands.
   o Improving RTT (Round Trip Time) and reducing processor time.
     - Previous Timer service was using polling, and now using
       SIGALRM ;-)
     - A 0.94beta2 will not work correctly....

   -- Follows are additinal feature not including 0.94beta2
   o Support Proxy ARP
     - add "enable/disable proxy" commands
   o Marging common routine in CHAP/PAP.
   o Enhancing LCP/IPCP log information.
   o Support local Authfication connection on port 300x and tty.
     - You can set up pair of your "hostname -s" and
       password in ppp.secret. if either ppp.secret file nor
       your hostname line don't exist, It will notify a message
       and working as same as previous version.(Backword compatibility)
     - If you did set up them, It's allow connection but nothing to do
       except help and passwd command.
     - add "passwd yourpasswd" commands
   o Support afilter - keep Alive filter that a packet can send/receiving
     according to ifilter/ofilter but doesn't count it as preventing idle
     timer expires.
     - Same syntax of other filters.
   o Fixing bugs reported by current user for previous one. Thanks !!

Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00

59 lines
1.3 KiB
Plaintext

#
# $Id: ppp.conf.filter.sample,v 1.1.1.1 1995/01/31 06:24:33 amurai Exp $
#
# An example of packet filter definition.
#
#
filterd:
#
# Don't keep Alive with ICMP,DNS and RIP packet
#
set afilter 0 deny icmp
set afilter 1 deny udp src eq 53
set afilter 2 deny udp dst eq 53
set afilter 3 deny udp src eq 520
set afilter 4 deny udp dst eq 520
set afilter 5 permit 0/0 0/0
#
# Don't dial with ICMP packet
#
set dfilter 0 deny icmp
set dfilter 1 permit 0/0 0/0
#
# Allow ident packet pass through
#
set ifilter 0 permit tcp dst eq 113
set ofilter 0 permit tcp src eq 113
#
# Allow telnet connection to the Internet
#
set ifilter 1 permit tcp src eq 23 estab
set ofilter 1 permit tcp dst eq 23
#
# Allow ftp access to the Internet
#
set ifilter 2 permit tcp src eq 21 estab
set ofilter 2 permit tcp dst eq 21
set ifilter 3 permit tcp src eq 20 dst gt 1023
set ofilter 3 permit tcp dst eq 20
#
# Allow access to DNS
#
set ifilter 4 permit udp src eq 53
set ofilter 4 permit udp dst eq 53
#
# Allow access from/to my company network
#
set ifilter 5 permit 192.244.191.0/24 0/0
set ofilter 5 permit 0/0 192.244.191.0/24
#
# Allow ping and traceroute response
#
set ifilter 6 permit icmp
set ofilter 6 permit icmp
set ifilter 7 permit udp dst gt 33433
set ofilter 7 permit udp dst gt 33433
#
# If none of above rules matches, then packet is blockd.
#