Configuring the Point-to-Point Protocol (PPP)

PPP packet filtering

PPP permits the transfer of IP packets over a serial line via a PPP network interface. Packet filtering permits control of the traffic through a PPP network interface based on the contents of the packets passed to the interface. Packet filter control is provided for these interface functions:


bring up
By default, any packet passed to an outgoing link from a dedicated serial or automatic dialup endpoint will bring the interface up if it is down. Packet filtering provides for specifying that only some types of packets may bring up a PPP interface.

pass
By default, any packet passed to an interface is allowed to pass through that interface. Packet filtering provides for specifying that only some types of packets may pass through a PPP interface.

keep up
By default, any packet passed to an interface will reset the idle timer for that interface. (Expiration of the idle timer will cause the interface to be automatically brought down.) Packet filtering provides for specifying that only some types of packets may reset the idle timer for a PPP interface.

Packets can be qualified or disqualified for each of these functions. Packet filtering is specified on a per-endpoint basis, although more than one endpoint may share the same packet filtering parameters.

Creating a packet filter

Packet filter entries must be edited into the /etc/pppfilter file. Two or more PPP endpoint configurations can share the same entry.

If /etc/pppfilter does not exist or no filter file entry is specified for an endpoint, then all packets bring up the interface, all packets are passed, and all packets reset the idle timer.

The following filter entry describes the default behavior of a PPP link:

   # tag    keyword  filter

   default  bringup  !port ntp and !port who and !port route\
                     and !port timed and !port bgp and !ip proto 8\
                     and !ip proto 63 and !ip proto 89 and icmp[20]!=9\
                     and icmp[20]!=10
            pass     \
            keepup   !port ntp and !port who and !port route\
                     and !port timed and !port bgp and !ip proto 8\
                     and !ip proto 63 and !ip proto 89 and icmp[20]!=9\
                     and icmp[20]!=10

This specification does not allow ntp, rwhod, routed, timed, gated, or irdd packets to bring up or keep up the link, but it does allow all packets to pass the link.
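The following added example (not part of the original documentation, and not the packetfilter(SFF) implementation) models how the default entry above sorts traffic into the bring up, pass, and keep up functions. The port numbers, the reading of icmp[20] as the ICMP type byte, the source-or-destination port match, and the packet dictionaries are assumptions made for illustration.

```python
import re

# Assumption: service names map to the usual /etc/services port numbers.
SERVICES = {"ntp": 123, "who": 513, "route": 520, "timed": 525, "bgp": 179}

# Filter text of the page's default entry, with line continuations joined.
RESTRICTED = ("!port ntp and !port who and !port route and !port timed "
              "and !port bgp and !ip proto 8 and !ip proto 63 "
              "and !ip proto 89 and icmp[20]!=9 and icmp[20]!=10")
DEFAULT_ENTRY = {"bringup": RESTRICTED, "pass": "", "keepup": RESTRICTED}

def term_matches(term, pkt):
    """Evaluate one primitive against a packet dict (a simplified model)."""
    m = re.fullmatch(r"icmp\[20\]!=(\d+)", term)
    if m:
        # Assumptions: byte 20 is the ICMP type (20-byte IP header), and
        # a non-ICMP packet satisfies the inequality.
        return pkt["proto"] != 1 or pkt.get("icmp_type") != int(m.group(1))
    negate, body = term.startswith("!"), term.lstrip("!")
    kind, value = body.rsplit(" ", 1)
    if kind == "port":  # assumption: matches source or destination port
        hit = SERVICES[value] in (pkt.get("sport"), pkt.get("dport"))
    elif kind == "ip proto":
        hit = pkt["proto"] == int(value)
    else:
        raise ValueError(f"unsupported primitive: {term!r}")
    return not hit if negate else hit

def filter_matches(expr, pkt):
    """An empty filter matches everything; otherwise every 'and' term must hold."""
    return all(term_matches(t.strip(), pkt) for t in expr.split(" and ") if t.strip())

def classify(pkt, entry=DEFAULT_ENTRY):
    """Return the interface functions (keywords) this packet qualifies for."""
    return {kw for kw, expr in entry.items() if filter_matches(expr, pkt)}

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "telnet": {"proto": 6, "sport": 40000, "dport": 23},
    "ntp": {"proto": 17, "sport": 123, "dport": 123},
    "rip": {"proto": 17, "sport": 520, "dport": 520},
    "ospf": {"proto": 89},
    "router-advert": {"proto": 1, "icmp_type": 9},
    "ping": {"proto": 1, "icmp_type": 8},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14} {sorted(classify(pkt))}")
```

In this model, periodic daemon traffic qualifies only for pass, so it crosses a link that is already up but neither dials it nor resets the idle timer.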

See the packetfilter(SFF) manual page for a description of the format for the filter file.



© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003