From 2b5045a7886d713db96eb21d4ac544dd2c117d98 Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Thu, 27 Nov 2003 21:55:19 +0000 Subject: [PATCH] Enable PPP filtering by default on Linux. --- pppd/Makefile.linux | 7 +++---- pppd/pppd.8 | 12 ++++++------ 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux index 85113d0..b52a129 100644 --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux @@ -1,6 +1,6 @@ # # pppd makefile for Linux -# $Id: Makefile.linux,v 1.59 2003/06/11 23:56:26 paulus Exp $ +# $Id: Makefile.linux,v 1.60 2003/11/27 21:55:19 paulus Exp $ # # Default installation locations @@ -46,9 +46,8 @@ MPPE=y # Uncomment the next line to include support for PPP packet filtering. # This requires that the libpcap library and headers be installed -# and that the kernel driver support PPP packet filtering, which it -# doesn't yet. -#FILTER=y +# and that the kernel driver support PPP packet filtering. +FILTER=y # Uncomment the next line to enable multilink PPP (enabled by default) # Linux distributions: Please leave multilink ENABLED in your builds diff --git a/pppd/pppd.8 b/pppd/pppd.8 index ecf01da..500949f 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -1,5 +1,5 @@ .\" manual page [] for pppd 2.4 -.\" $Id: pppd.8,v 1.73 2003/06/29 10:04:50 paulus Exp $ +.\" $Id: pppd.8,v 1.74 2003/11/27 21:55:19 paulus Exp $ .\" SH section heading .\" SS subsection heading .\" LP paragraph @@ -215,8 +215,8 @@ except that qualifiers which are inappropriate for a PPP link, such as \fBether\fR and \fBarp\fR, are not permitted. Generally the filter expression should be enclosed in single-quotes to prevent whitespace in the expression from being interpreted by the shell. This option -is currently only available under NetBSD or Linux, and then only -if both the kernel and pppd were compiled with PPP_FILTER defined. +is currently only available under Linux, and requires that the kernel +was configured to include PPP filtering support (CONFIG_PPP_FILTER). .TP .B allow-ip \fIaddress(es) Allow peers to use the given IP address or subnet without @@ -831,7 +831,7 @@ Specifies a packet filter to applied to data packets being sent or received to determine which packets should be allowed to pass. Packets which are rejected by the filter are silently discarded. This option can be used to prevent specific network daemons (such as -routed) using up link bandwidth, or to provide a basic firewall +routed) using up link bandwidth, or to provide a very basic firewall capability. The \fIfilter-expression\fR syntax is as described for tcpdump(1), except that qualifiers which are inappropriate for a PPP link, such as @@ -840,8 +840,8 @@ expression should be enclosed in single-quotes to prevent whitespace in the expression from being interpreted by the shell. Note that it is possible to apply different constraints to incoming and outgoing packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. This -option is currently only available under NetBSD or Linux, and then -only if both the kernel and pppd were compiled with PPP_FILTER defined. +option is currently only available under Linux, and requires that the +kernel was configured to include PPP filtering support (CONFIG_PPP_FILTER). .TP .B password \fIpassword-string Specifies the password to use for authenticating to the peer. Use -- 2.39.2