From owner-FreeBSD-users-jp@jp.freebsd.org  Sat Feb 21 18:43:56 1998
Received: by jaz.jp.freebsd.org (8.8.8+3.0Wbeta7/8.7.3) id SAA21486
	Sat, 21 Feb 1998 18:43:56 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.8+3.0Wbeta7/8.7.3) with SMTP id SAA21481
	for <FreeBSD-users-jp@jp.freebsd.org>; Sat, 21 Feb 1998 18:43:55 +0900 (JST)
Received: by surface.phys.s.u-tokyo.ac.jp; id AA05701; Sat, 21 Feb 1998 19:01:20 +0900
Message-Id: <9802211001.AA05701@surface.phys.s.u-tokyo.ac.jp>
To: FreeBSD-users-jp@jp.freebsd.org
Cc: ueta@pixy.issp.u-tokyo.ac.jp
In-Reply-To: Your message of "Sun, 15 Feb 1998 05:00:53 +0900"
References: <9802142000.AA25907@surface.phys.s.u-tokyo.ac.jp>
X-Mailer: Mew version 1.06 on Emacs 19.28.1, Mule 2.3
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Date: Sat, 21 Feb 1998 19:01:20 +0900
From: Ueta Masateru <ueta@surface.phys.s.u-tokyo.ac.jp>
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: bulk
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=24]
X-Sequence: FreeBSD-users-jp 24884
Subject: [FreeBSD-users-jp 24884] Re: how to disable access to ppp executed in auto mode
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org

$B?"ED(B@$BElBgJ*@-8&$G$9!#(B

$B$$$/$D$+$N%U%)%m!<$rD:$-!"$J$s$H$+2r7h$9$k$3$H$,=PMh$^$7$?!#$A$J$_$K86(B
$B0x$O(B
$B!&(B ppp.conf $B$N@_Dj$N$"$d$^$j(B
$B$,7k6I$N<g0x$@$C$?$h$&$G$9!#(B

$B$H$$$&$3$H$G!"%U%)%m!<$r$7$F2<$5$C$?$+$?$X$N46<U$NG0$r$3$a$F(B Q&A $B$K$7(B
$B$F$_$^$7$?!#4*0c$$$J$s$+$,$"$A$3$A$K$"$k$+$b$7$l$J$$$N$G!"%U%)%m!<4?7^(B
$B$7$^$9!#$^$?!"$b$7LdBj$,L5$$$h$&$G$7$?$i(B qanda@jp.freebsd.org $B$NJ}$KAw(B
$B$i$;$F$b$i$&$D$b$j$G$9!#(B

#$B!V%^%K%e%"%k$rFI$a!W$H8@$o$l$?$i=*$j$J$3$H$P$C$+$j$J$N$,!"2f$J$,$i4V(B
#$BH4$1(B ;-)
--- $B$3$3$+$i(B
Q1.
FreeBSD2.2.1-Rel. に付属されている PPP コマンドを使用しています。この 
PPP コマンドを auto モードや ddial モードで使用したときに使用できるよ
うになる制御ポート (3000/tcp) への Internet などの接続相手側からのアク
セスを拒否したいのですがどうすればいいのでしょうか?

A1.
 ppp $B$N(B ifilter $B$r@_Dj$7$F$/$@$5$$!#(Bifilter $B$r@_Dj$9$k$3$H$GAj<jB&$+$i(B
$B$N%Q%1%C%H$N<u?.$N5v2D!"$*$h$S5qH]$r;XDj$G$-$^$9!#:#2s$N>l9g$O$O(B PPP 
$B$N@)8f%]!<%H$KBP$7$F(B ifilter $B$r@_Dj$9$k$3$H$K$J$j$^$9!#<!$N$h$&$J%(%s(B
$B%H%j!<$r(B ppp.conf $B$NE,Ev$J>l=j$KDI2C!"$"$k$$$O(B telnet $B%3%^%s%I$rMxMQ$7(B
$B$F@)8f%]!<%H$+$i@_Dj$7$F$/$@$5$$!#(B

$B!&(Bppp.conf $B$K=q$/>l9g$N@_DjNc(B:
 ifilter 0 deny tcp dst eq 3000(*)
$B!&(Btelnet localhost 3000 $B$H$7$F@)8f%]!<%H$+$i@_Dj$9$k>l9g$NNc(B
 set ifilter 0 deny tcp dst eq 3000
#localhost $B$OE,59JQ99$9$k>l9g$,$"$j$^$9(B

(*) $B$N0UL#$O=gHV$K(B (1)ifilter $B$G$"$k$3$H$r@k8@(B,(2) 0 $BHVL\$NDj5A$G$"$k(B
$B$3$H$r@k8@!#$3$N(B 0 $B$O>l9g$K$h$C$F$O(B 20 $B$^$G$NG$0U$NCM$K$J$k$3$H$,$"$j(B
$B$^$9(B,(3)$B5qH](B(deny) $B$9$k$3$H$r@k8@(B,(4)dst $BAj<jB&$+$i$N%Q%1%C%H$G$"$k$3(B
$B$H$r@k8@(B,(5)eq 3000 $B$H$7$F(B 3000 $BHV%]!<%H$KBP$9$k@_Dj$G$"$k$3$H$r@k8@$7(B
$B$F$$$^$9!#(B
$B$J$*$3$N(B ifilter $B$r;HMQ$9$k$3$H$G(B security level $B$N8~>e$J$I$r?^$k$3$H(B
$B$J$I$b2DG=$G$9!#>\$7$/$O(B ppp(8) $B$N%^%K%e%"%k$r;29M$K$7$F$/$@$5$$!#(B

Q2.
Q1&A1 $B$G@\B3Aj<j@h$+$i$N(B PPP $B@)8f%]!<%H$X$N%"%/%;%9$O5qH]$9$k$3$H$,=P(B
$BMh$k$h$&$K$J$j$^$7$?!#$G$b!"0MA3$H$7$FFbIt$+$i$N%"%/%;%9$K$OL5KIHw$G$9!#(B
$BFbIt$+$i$N%"%/%;%9$KBP$9$kKIHw$N8~>e$O$I$N$h$&$K$9$l$P$G$-$k$h$&$K$J$j(B
$B$^$9$+(B ?

A2.
$B2r7h$K$O$H$j$"$($:(B 2 $BDL$j$NJ}K!$,9M$($i$l$^$9!#(B
$B0l$DL\$O!"(Bipfw $B%3%^%s%I$r;HMQ$9$kJ}K!$G$9!#(B
ipfw add allow all from any to any 
ipfw add deny tcp from 192.168.1.0/24 to any 3000
と二つ入力すれば制御ポートへの内部ネットワークからのアクセスが禁止され
るはずです。ただし ipfw は規則を番号の小さい順に調べ、最初に合致した規則
を適用します。番号を指定せずに上の順番で入力すると allow の規則が先に合
致して deny の規則は評価されないので、deny の規則が allow の規則より小さ
い番号になるように追加してください。詳しくは ipfw(8) を参照してください。
$B$J$*!"$3$N%3%^%s%I$rMxMQ$9$k>l9g$O(B kernel $B$N@_Dj$K(B
options IPFIREWALL
$B$H$$$&@_Dj$,F~$C$F$$$kI,MW$,$"$j$^$9!#(Bkernel $B$N:F9=C[$K$D$$$F>\$7$/$O!"(B
handbook $B$r;2>H$7$F$/$@$5$$!#$^$?(B options $B$J$I$N@_Dj$K4X$7$F$O(B 
/usr/src/sys/i386/conf/LINT.jp $B$J$I$r;29M$K$7$F$/$@$5$$!#(B

$BFs$DL\$O(B FreeBSD-2.2.5-Rel. $B$KIUB0$5$l$F$$$k(B ppp $B%3%^%s%I$rMxMQ(B
$B$9$k$3$H$G$9!#(B2.2.5REL. $B$KImB0$5$l$F$$$k(B ppp $B%3%^%s%I$O<!$N$h$&$J%a%j%C(B
$B%H$,$"$j$^$9!#(B
$B!&(B root $B0J30$N(B user $B$,(B ppp $B%3%^%s%I$r5/F0=PMh$J$$(B
$B!&@)8f%]!<%H$K%"%/%;%9$9$k>l9g%Q%9%o!<%I$,MW5a$5$l$k(B
$B$?$@$7$3$N>l9g(B FreeBSD2.2.5-Rel $B$N(B CD $B$J$I$+$i(B ppp $B%3%^%s%I$@$1$r;}$C(B
$B$F$-$F$b@5>o$JF0:n$O4|BT=PMh$^$;$s!#(B2.2.5-Rel. $B$N(B ppp $B%3%^%s%I$N%=!<%9(B
$B$N%3%s%Q%$%k(B($B$?$@$7!"<c43(B skill $B$,MW5a$5$l$^$9(B)$B!"$^$?$O(B system $B$N(B 
2.2.5-Rel. $B$X$N(B upgrade $B$J$I$r$9$kI,MW$,$"$j$^$9!#(B

Q3.
A1 $B$N$h$&$K@_Dj$7$?$O$:$J$N$K4|BTDL$j$NF0:n$r$7$^$;$s(B :-(

A3.
2.2.1-Rel. $B$KIUB0$N(B ppp $B%3%^%s%I$K$O<FED@i=U$5$s$K$h$C$F(B filter $B<~$j$K(B
$B%P%0$,$"$k$3$H$,;XE&$5$l$F$$$^$9!#<FED$5$s$NH/I=$5$l$F$$$k%Q%C%A$r$^$:(B
$BEv$F$F8+$F$/$@$5$$!#(B
$B$=$l$G$b4|BTDL$j$NF0:n$r$7$J$$>l9g$O<!$N(B Q4&A4 $B$r8+$F$/$@$5$$!#(B

Q4.
$B2?EY$b@_Dj$r8+D>$7$?$O$:$J$N$K(B ppp $B$,4|BTDL$j$NF0:n$r$7$^$;$s(B :-(	
$B$b$&(B ppp $B$N%^%K%e%"%k$O8+K0$-$^$7$?(B :-( 

A4.
$B:G8e$K<!$N=j$@$1$G$b8+D>$7$F$/$@$5$$(B :-)
1.ppp.conf $B$NCf$K6uGr$@$1$N9T$,F~$C$F$$$^$;$s$+(B?$B$?$H$($P(B
 ifilter permit 0 0
                     $B"+$3$N9T6uGr(B
 ofilter permit 0 
$B$H$$$&$h$&$K6uGr$@$1$N9T$rF~$l$F$$$k$H!"6uGr9T0J9_$r(B ppp $B%3%^%s%I$OFI(B
$B$s$G$/$l$^$;$s!#(B

2.filter $B$N@_Dj$r(B ppp $B$N%3%^%s%I%W%m%s%W%H$+$i3NG'$7$?;~!"@_DjHV9f(B 0 
$BHVL\$+$iI=<($5$l$^$9$+!)(B ppp $B$N%3%^%s%I%W%m%s%W%H$G(B show ifilter $B$H$7(B
$B$?;~(B
 ifilter 1 permit tcp 0 0 
 ifilter 2 permit udp 0 0 
  :
$B$H$$$&$h$&$K(B 0 $B0J30$NHV9f$+$iI=<($5$l$?>l9g(B filter $B$OF0:n$7$F$$$^$;$s!#(B 
0 $BHV$+$i@_Dj$7$F$/$@$5$$!#(B
 
3.filter $B$N@_Dj$r$9$k;~$N(B port $BHV9f$J$I$O@5$7$/;XDj$5$l$F$$$^$9$+!)$b$7(B
  ifilter 0 permit tcp gt 0
$B$H$$$&$h$&$K@5$7$/$J$$(B (port $BHV9f$O(B 1 $B$+$i$G$9(B) $BHV9f$r;XDj$7$?>l9g!"$3(B
$B$N@_Dj9T$O%(%i!<$H$7$F=hM}$5$l$^$9!#$b$7$3$N9T$,(B 0 $BHVL\$N5,B'$rDj5A$7(B
$B$?>l9g!"(B 0 $BHVL\$ODj5A$5$l$F$$$J$$$3$H$K$J$j$^$9!#(B

4.$BDj5A$N=gHV$O@5$7$$$G$9$+(B? ppp $B%3%^%s%I$O(B filter $B$N5,B'$r(B 0 $B$+$i=gHV(B
$B$KD4$Y$F$$$C$F9gCW$7$?$H$3$m$N5,B'$r;HMQ$7$^$9!#$D$^$j(B
 ifilter 0 permit tcp
 ifilter 1 deny tcp dst eq 3000
 : 
$B$H@_Dj$7$F$"$k>l9g(B 0 $BHVL\$N5,B'!V(B tcp $B%Q%1%C%H$O$9$Y$F5v2D!W$H$$$&5,B'(B
$B$,E,MQ$5$l$F$7$^$$$^$9!#$b$7(B 3000 $BHV%]!<%H$N%"%/%;%9$rIu$8$?$$>l9g$O(B
 ifilter 0 deny tcp dst eq 3000
 ifilter 1 permit tcp
 :
$B$H$$$&$h$&$K@_Dj$7$F!"@h$K(B 3000 $BHV%]!<%H%"%/%;%95qH]$,(B filter $B$N5,B'$H(B
$B$J$k$h$&$K$7$F$/$@$5$$!#(B
filter $B$N@_Dj$N=gHV$K$OCm0U$,I,MW$G$9!#$3$N=gHV$r@5$7$/$7$F$*$+$J$$$H(B 
filter $B$NLrL\$rA4$/2L$?$5$J$$4m81@-$,$"$j$^$9!#(B

--- $B$3$3$^$G(B
$B$G$O(B
--
$B?"ED(B $B@551(B ueta@surface.phys.s.u-tokyo.ac.jp
