diff options
| author | brian <brian@FreeBSD.org> | 2000-07-11 22:11:36 +0000 |
|---|---|---|
| committer | brian <brian@FreeBSD.org> | 2000-07-11 22:11:36 +0000 |
| commit | 7bc7c104eeee992d6a92297317b9f35e89e9096c (patch) | |
| tree | df8dd7356dce1ca25dbb18c53c87fd96e8dc3265 /usr.sbin/ppp/ppp.8.m4 | |
| parent | a3d0c189ea25a7af3dfab30112f5d8d65e214e1c (diff) | |
| download | FreeBSD-src-7bc7c104eeee992d6a92297317b9f35e89e9096c.zip FreeBSD-src-7bc7c104eeee992d6a92297317b9f35e89e9096c.tar.gz | |
Allow a ``timeout secs'' filter option to let specific packet types
effect the idle timer in different ways.
Submitted by: Stefan Esser <se@freebsd.org>
With adjustments by me to document the option in the man page and to
give the same semantics for outgoing traffic as incoming.
I made the style more consistent in ip.c - this should really have
been done as a separate commit.
Diffstat (limited to 'usr.sbin/ppp/ppp.8.m4')
| -rw-r--r-- | usr.sbin/ppp/ppp.8.m4 | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4 index 3cc6203..d53014d 100644 --- a/usr.sbin/ppp/ppp.8.m4 +++ b/usr.sbin/ppp/ppp.8.m4 @@ -1541,7 +1541,7 @@ set filter .Op estab .Op syn .Op finrst -.Oc +.Oc Op timeout Ar secs .Bl -enum .It .Ar Name @@ -1644,6 +1644,15 @@ flags are only allowed when is set to .Sq tcp , and represent the TH_ACK, TH_SYN and TH_FIN or TH_RST TCP flags respectively. +.It +The timeout value adjusts the current idle timeout to at least +.Ar secs +seconds. +If a timeout is given in the alive filter as well as in the in/out +filter, the in/out value is used. If no timeout is given, the default +timeout (set using +.Ic set timeout +and defaulting to 180 seconds) is used. .El .Pp .It @@ -1651,8 +1660,9 @@ Each filter can hold up to 40 rules, starting from rule 0. The entire rule set is not effective until rule 0 is defined, i.e., the default is to allow everything through. .It -If no rule is matched to a packet, that packet will be discarded -(blocked). +If no rule in a defined set of rules matches a packet, that packet will +be discarded (blocked). +If there are no rules in a given filter, the packet will be permitted. .It It's possible to filter based on the payload of UDP frames where those frames contain a @@ -4385,7 +4395,7 @@ as they travel across the link. .Op estab .Op syn .Op finrst -.Oc +.Oc Op timeout Ar secs .Xc .Nm supports four filter sets. @@ -4410,7 +4420,7 @@ filter specifies packets that are allowed out of the machine. Filtering is done prior to any IP alterations that might be done by the NAT engine on outgoing packets and after any IP alterations that might be done by the NAT engine on incoming packets. -By default all filter sets allow all packets to pass. +By default all empty filter sets allow all packets to pass. Rules are processed in order according to .Ar rule-no (unless skipped by specifying a rule number as the @@ -4425,8 +4435,12 @@ and filters, this means that the packet is dropped. In the case of .Em alive -filters it means that the packet will not reset the idle timer and in -the case of +filters it means that the packet will not reset the idle timer (even if +the +.Ar in Ns No / Ns Ar out +filter has a +.Dq timeout +value) and in the case of .Em dial filters it means that the packet will not trigger a dial. A packet failing to trigger a dial will be dropped rather than queued. |
