.\" manual page [] for pppd 2.4
-.\" $Id: pppd.8,v 1.73 2003/06/29 10:04:50 paulus Exp $
+.\" $Id: pppd.8,v 1.78 2004/11/04 09:57:42 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
\fBether\fR and \fBarp\fR, are not permitted. Generally the filter
expression should be enclosed in single-quotes to prevent whitespace
in the expression from being interpreted by the shell. This option
-is currently only available under NetBSD or Linux, and then only
-if both the kernel and pppd were compiled with PPP_FILTER defined.
+is currently only available under Linux, and requires that the kernel
+was configured to include PPP filtering support (CONFIG_PPP_FILTER).
+Note that it
+is possible to apply different constraints to incoming and outgoing
+packets using the \fBinbound\fR and \fBoutbound\fR qualifiers.
.TP
.B allow-ip \fIaddress(es)
Allow peers to use the given IP address or subnet without
Set the CHAP restart interval (retransmission timeout for challenges)
to \fIn\fR seconds (default 3).
.TP
+.B child-timeout \fIn
+When exiting, wait for up to \fIn\fR seconds for any child processes
+(such as the command specified with the \fBpty\fR command) to exit
+before exiting. At the end of the timeout, pppd will send a SIGTERM
+signal to any remaining child processes and exit. A value of 0 means
+no timeout, that is, pppd will wait until all child processes have
+exited.
+.TP
.B connect-delay \fIn
-Wait for up \fIn\fR milliseconds after the connect script finishes for
+Wait for up to \fIn\fR milliseconds after the connect script finishes for
a valid PPP packet from the peer. At the end of this time, or when a
valid PPP packet is received from the peer, pppd will commence
negotiation by sending its first LCP packet. The default value is
received to determine which packets should be allowed to pass.
Packets which are rejected by the filter are silently discarded. This
option can be used to prevent specific network daemons (such as
-routed) using up link bandwidth, or to provide a basic firewall
+routed) using up link bandwidth, or to provide a very basic firewall
capability.
The \fIfilter-expression\fR syntax is as described for tcpdump(1),
except that qualifiers which are inappropriate for a PPP link, such as
in the expression from being interpreted by the shell. Note that it
is possible to apply different constraints to incoming and outgoing
packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. This
-option is currently only available under NetBSD or Linux, and then
-only if both the kernel and pppd were compiled with PPP_FILTER defined.
+option is currently only available under Linux, and requires that the
+kernel was configured to include PPP filtering support (CONFIG_PPP_FILTER).
.TP
.B password \fIpassword-string
Specifies the password to use for authenticating to the peer. Use
Require the use of MPPE, with 128\-bit encryption.
.TP
.B require-mschap
-Require the peer to authenticate itself using MS-CHAP [Microsft Challenge
+Require the peer to authenticate itself using MS-CHAP [Microsoft Challenge
Handshake Authentication Protocol] authentication.
.TP
.B require-mschap-v2
-Require the peer to authenticate itself using MS-CHAPv2 [Microsft Challenge
+Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge
Handshake Authentication Protocol, Version 2] authentication.
.TP
.B require-eap
.TP
.B LINKNAME
The logical name of the link, set with the \fIlinkname\fR option.
+.TP
+.B DNS1
+If the peer supplies DNS server addresses, this variable is set to the
+first DNS server address supplied.
+.TP
+.B DNS2
+If the peer supplies DNS server addresses, this variable is set to the
+second DNS server address supplied.
.P
Pppd invokes the following scripts, if they exist. It is not an error
if they don't exist.