mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-15 06:42:51 +01:00
53c9f6c0c4
o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
59 lines
1.3 KiB
Plaintext
59 lines
1.3 KiB
Plaintext
#
|
|
# $Id: ppp.conf.filter.sample,v 1.1.1.1 1995/01/31 06:24:33 amurai Exp $
|
|
#
|
|
# An example of packet filter definition.
|
|
#
|
|
#
|
|
filterd:
|
|
#
|
|
# Don't keep Alive with ICMP,DNS and RIP packet
|
|
#
|
|
set afilter 0 deny icmp
|
|
set afilter 1 deny udp src eq 53
|
|
set afilter 2 deny udp dst eq 53
|
|
set afilter 3 deny udp src eq 520
|
|
set afilter 4 deny udp dst eq 520
|
|
set afilter 5 permit 0/0 0/0
|
|
#
|
|
# Don't dial with ICMP packet
|
|
#
|
|
set dfilter 0 deny icmp
|
|
set dfilter 1 permit 0/0 0/0
|
|
#
|
|
# Allow ident packet pass through
|
|
#
|
|
set ifilter 0 permit tcp dst eq 113
|
|
set ofilter 0 permit tcp src eq 113
|
|
#
|
|
# Allow telnet connection to the Internet
|
|
#
|
|
set ifilter 1 permit tcp src eq 23 estab
|
|
set ofilter 1 permit tcp dst eq 23
|
|
#
|
|
# Allow ftp access to the Internet
|
|
#
|
|
set ifilter 2 permit tcp src eq 21 estab
|
|
set ofilter 2 permit tcp dst eq 21
|
|
set ifilter 3 permit tcp src eq 20 dst gt 1023
|
|
set ofilter 3 permit tcp dst eq 20
|
|
#
|
|
# Allow access to DNS
|
|
#
|
|
set ifilter 4 permit udp src eq 53
|
|
set ofilter 4 permit udp dst eq 53
|
|
#
|
|
# Allow access from/to my company network
|
|
#
|
|
set ifilter 5 permit 192.244.191.0/24 0/0
|
|
set ofilter 5 permit 0/0 192.244.191.0/24
|
|
#
|
|
# Allow ping and traceroute response
|
|
#
|
|
set ifilter 6 permit icmp
|
|
set ofilter 6 permit icmp
|
|
set ifilter 7 permit udp dst gt 33433
|
|
set ofilter 7 permit udp dst gt 33433
|
|
#
|
|
# If none of above rules matches, then packet is blockd.
|
|
#
|