Re: Most useful pppd active-filter string for Linux

From: Andy Furniss (spam.bucket_at_surfanytime.co.uk)
Date: 08/24/03


Date: Sun, 24 Aug 2003 09:53:46 +0100

pbs wrote:

> If a (RH) linux pppd daemon is set up to "dial on demand" and hold the
> line open while legitimate/solicited packets are passed across it; given
> the number of unsolicited packets coming across a dialup link:
> P2P (KaZaA edonkey etc), Microsoft servers ports (137 etc), unsolicited
> pings (icmp[0]=8), etc,etc;
>
> What is the most useful string to put in the active-filter line of the
> /etc/ppp/options file so that the line only stays up for genuine
> connections (including FTP (non-passive) client sessions and
> outgoing pings)?
>
> NB This is a posting of a question about the packets keeping a
> linux PPP link up, it is NOT about firewalls (ipconfig/iptables).
>
I used to use just 'outbound' - but it won't work unless you have a
firewall to stop you sending port unreachables/rst.

I did use one for a while before I got the firewall together - it worked
for me, but is probably flawed, definitely inelegant & didn't get tested
for very long.

outbound and not ((tcp[13] & 4 !=0) or (icmp[0] = 3))

As for FTP - I don't know, I never had problems - a question of timeouts I
suppose.

Andy.
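As an added illustration, not part of Andy's post or of pppd: a Python rendering of the filter above, run over constructed IPv4 packets to show which ones would reset the link's idle timer. The addresses, ports and packet builders are assumptions; `outbound` is passed in as a flag because libpcap derives it from the capture direction, not from the packet bytes.

```python
import struct

# Constructed sample addresses (not from the post): the dialup host and a remote peer.
HOST, PEER = "10.0.0.2", "192.0.2.10"

def ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Minimal IPv4 header (IHL=5, no options) followed by payload; checksum left zero."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, addr(src), addr(dst))
    return hdr + payload

def tcp(sport: int, dport: int, flags: int) -> bytes:
    # 20-byte TCP header: the flags byte lands at offset 13, which is pcap's tcp[13]
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def icmp(type_: int, code: int = 0) -> bytes:
    # 8-byte ICMP header: the type byte is at offset 0, which is pcap's icmp[0]
    return struct.pack("!BBHI", type_, code, 0, 0)

def keeps_link_up(pkt: bytes, outbound: bool) -> bool:
    """Python form of: outbound and not ((tcp[13] & 4 != 0) or (icmp[0] = 3))."""
    if not outbound:                          # inbound traffic never counts as activity
        return False
    ihl = (pkt[0] & 0x0F) * 4                 # IPv4 header length in bytes
    proto = pkt[9]                            # IPv4 protocol field
    if proto == 6 and pkt[ihl + 13] & 0x04:   # TCP RST: our reply to an unsolicited SYN
        return False
    if proto == 1 and pkt[ihl] == 3:          # ICMP destination/port unreachable
        return False
    return True

# Constructed packets: (bytes, outbound?) -> expected to keep the link up?
SAMPLES = {
    "http SYN out":           (ipv4(6, HOST, PEER, tcp(40000, 80, 0x02)), True),
    "RST to port-137 probe":  (ipv4(6, HOST, PEER, tcp(137, 40001, 0x14)), True),
    "port unreachable out":   (ipv4(1, HOST, PEER, icmp(3, 3)), True),
    "echo request out":       (ipv4(1, HOST, PEER, icmp(8)), True),
    "echo request in":        (ipv4(1, PEER, HOST, icmp(8)), False),
}

def classify() -> dict:
    """Apply the filter to every sample; True means the packet resets the idle timer."""
    return {name: keeps_link_up(pkt, out) for name, (pkt, out) in SAMPLES.items()}

if __name__ == "__main__":
    for name, up in classify().items():
        print(f"{name:24s} {'resets idle timer' if up else 'ignored'}")
```

Only the outgoing SYN and the outgoing ping count as activity; the RST and port-unreachable replies that the host itself generates in response to unsolicited probes are dropped from consideration, which is the gap the bare 'outbound' filter leaves open.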