Subject: Re: IPFiler ( ipf ) for dial-up and LAN
To: David Forrai <d.forrai@ieee.org>
From: Roland Dowdeswell <elric@imrryr.org>
List: port-i386
Date: 04/14/2002 23:58:36
On 1018840830 seconds since the Beginning of the UNIX epoch
David Forrai wrote:
>
>I was trying to make it such that when my machine booted it was ready to forward
>packets after dial-up without manual intervention (i.e. restarting ipfilter).
>
>As for the other statements regarding security, read the subject line: "for
>dial-up".  In a dial-up situation you don't have to worry about packet forwarding
>before firewalling because dial-up is an on demand process that occurs after boot.

What I typically do for my dial-up box is that since the IP address
is assigned dynamically and I want the packet filter rules and NAT
rules to depend on the address, I set it all up in /etc/ppp/ip-up
and destroy it all in /etc/ppp/ip-down.  I believe that pppd(8)
guarantees that the TRT happens, because it processes no packets
until /etc/ppp/ip-up exits.

 == Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/  ==
 == The Unofficial NetBSD Web Pages        http://www.Imrryr.ORG/NetBSD/  ==
 == The NetBSD Project                            http://www.NetBSD.ORG/  ==
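What the ip-up/ip-down arrangement described in the reply looks like in practice, as an added example that is not from the original post: a hypothetical /etc/ppp/ip-up that builds ipf(8) and ipnat(8) rules from the interface and address pppd(8) passes in, and loads them before pppd starts passing packets. The LAN prefix, the particular rule set and the fall-back-to-block behaviour are assumptions, not anything the mail specifies.

```shell
#!/bin/sh
# Hypothetical /etc/ppp/ip-up (example, not from the original post).
# pppd(8) runs it as: ip-up IFNAME TTY SPEED LOCAL_IP REMOTE_IP IPPARAM
# and passes no packets until it exits, so rules loaded here are in
# place before the first packet crosses the link.
LAN_NET=192.168.1.0/24          # constructed: the LAN behind the NAT box

# Emit ipf(8) rules bound to the interface and address pppd handed us.
gen_ipf_rules() {
    ifname=$1; iplocal=$2
    cat <<EOF
block in log quick on $ifname from any to any with short
block in log quick on $ifname from 10.0.0.0/8 to any
block in log quick on $ifname from 172.16.0.0/12 to any
block in log quick on $ifname from 192.168.0.0/16 to any
block in log quick on $ifname from any to $iplocal port = 111
pass out quick on $ifname proto tcp from $iplocal to any keep state
pass out quick on $ifname proto udp from $iplocal to any keep state
pass out quick on $ifname proto icmp from $iplocal to any keep state
block in quick on $ifname all
EOF
}

# Emit ipnat(8) rules; 0/32 means "the interface's current address".
gen_ipnat_rules() {
    ifname=$1
    cat <<EOF
map $ifname $LAN_NET -> 0/32 proxy port ftp ftp/tcp
map $ifname $LAN_NET -> 0/32 portmap tcp/udp 10000:40000
map $ifname $LAN_NET -> 0/32
EOF
}

# Flush whatever is loaded and install the freshly generated rule sets.
# If the filter rules fail to load, fall back to blocking the link
# entirely rather than leaving ipf with an empty (pass-all) rule set.
load_rules() {
    ifname=$1; iplocal=$2
    gen_ipf_rules "$ifname" "$iplocal" | ipf -Fa -f - ||
        echo "block in quick on $ifname all" | ipf -Fa -f -
    gen_ipnat_rules "$ifname" | ipnat -CF -f -
}

# Only act when pppd actually invokes us as ip-up; /etc/ppp/ip-down
# is the mirror image: "ipf -Fa; ipnat -CF".
case "${0##*/}" in
ip-up) load_rules "$1" "$4" ;;
esac
```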