Page 1 of 1
3.0RC11 - Filter in PPP profile not work
Posted: Thu Nov 29, 2007 4:57 pm
by michalkos
I try use filter for securing my VPN clients in PPP profile - not work.
I used Incoming filter, and in filter I used LOG rule.
I didn't see any log messages in log viewer.
Bridge option didn't work too.
Re: 3.0RC11 - Filter in PPP profile not work
Posted: Mon Mar 10, 2008 9:47 pm
by cwolff
It doesn't work in 3.4 either. Vaya con dios.
Re: 3.0RC11 - Filter in PPP profile not work
Posted: Mon Mar 10, 2008 11:15 pm
by changeip
are you placing a shim jump rule in the forward chain to jump to your ppp chain? Otherwise these new chains are ignored.
Re: 3.0RC11 - Filter in PPP profile not work
Posted: Tue Mar 11, 2008 3:04 am
by cwolff
Yes, that's the workaround, which creates unwelcome "invalid" displays in the firewall rule display.
Ciao
Re: 3.0RC11 - Filter in PPP profile not work
Posted: Tue Mar 11, 2008 3:51 am
by changeip
no no no ... it shouldnt be invalid. a single jump rule with no other specifiers (in-interface, out-interface, ips, etc should all be blank) and jump to chain=ppp. It has always been this way, even in 2.9. The dynamic jumps are placed in the ppp chain then and are used.
Sam
Re: 3.0RC11 - Filter in PPP profile not work
Posted: Tue Mar 11, 2008 5:15 am
by cwolff
Well, it's invalid until the PPP user connects, then it becomes valid and applies the rules appropriately. It would be nice if it were valid at all times..
Re: 3.0RC11 - Filter in PPP profile not work
Posted: Tue Mar 11, 2008 6:26 am
by changeip
ah ... i think thats why ive seen a blank passthru rule at the top in the hotspot on the custom chains... can you enter a passthru rule with a comment and have it always be valid ?