Thanks to everyone that replied, the problem is exactly as explained by Toomas,
and can either be solved by updating ipf in the ppp.linkup file, or probably
more correctly/cleanly using Toomas's method of 'to any'.
Thanks again
Rekkie
--- On Wed 06/08, Toomas Aas < > wrote:
From: Toomas Aas [mailto: ]
To:
Cc: [email protected]
Date: Wed, 08 Jun 2005 22:30:33 +0300
Subject: Re: SSH port open despite ipf rules
Fernando Gleiser wrote:

> why can't you use the "0/32 trick"? I have a dynamic IP and use
>
> block in quick on ed1 proto tcp from any to 0/32 port = 22 flags S
>
> That means "block it to whatever address ed1 has"

I guess the problem is not with dynamic IP per se, but with PPP. When
using userland PPP, the IPFilter rules are loaded before PPP has had
its chance to bring up the tun0 interface and so the interface has no
address when the rules are loaded.

I just use 'to any' in my IPFilter rules with PPPoE.

---
... One can never know for sure what a deserted area looks like.