On 2006-08-26 19:46, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> Ok guys...now that I have ipfilter working...I need to run a few
> commands in /etc/ppp/ppp.linkup and can't figure out the syntax...
> % cat /etc/ppp/ppp.linkup
> # It is no longer necessary to re-add the default route here as our
> ! sh -c "/sbin/ipnat -CF -f /etc/ipnat.conf"
> ! sh -c "/sbin/ipf -F -f /etc/ipf.conf"
> ! sh -c "/sbin/ipf -Fa -f /etc/ipf.conf"
> ! sh -c "/sbin/ipf -y"

Watch out for that empty line, if it is *REALLY* part of your
`ppp.linkup' script.  Empty lines are section delimiters in ppp(8)
config files.

There is also no reason to run ipf _twice_!

Please also note that I don't use "sh -c" to signal ntpd to start/stop
from my ppp.linkup script and it all works fine:

    [EMAIL PROTECTED]:/root# cat -n /etc/ppp/ppp.linkup
         1  MYADDR:
         2   ! /etc/rc.d/ntpd start
    [EMAIL PROTECTED]:/root#

Maybe the whole sh -c and quoting stuff you are using is not really
passed down to sh(1) but is parsed by ppp(8) when `ppp.linkup' is read?

I am also not sure if it is a good idea to run ``ipnat -CF'' or
``ipf -Fa''.  What about states of existing connections?  If you
momentarily lose the PPP connection, but it then comes up pretty fast,
you are effectively dropping all previous connection information here,
even though it may still be valid and useful.

I'd go for the simpler syntax of:

     ! /sbin/ipf -y

freebsd-questions@freebsd.org mailing list