Tom Schaefer wrote:
Jonathan Markevich wrote:
Please let me know if you can see any improvements. I am just learning shell scripting!
You're a helluva lot better than I'll ever be! Perhaps this will complement your ppp script ... Here's a modified firewall script. I downloaded this script a while back from a MASQ page on the net - sorry I don't know who actually wrote it, but it seems to work fine. I run this after the link is up, and it does a nice job.
So why don't you use the firewall/masquerading scripts included in the distribution?
The main modification is that it automatically detects the ppp0 address, which is handy for those who have dynamic IP addresses. If anyone finds fault with it,
That's nice, but not really needed...
please let me know. There's nothing worse than a crappy firewall script!
The only thing I haven't added yet is a way to kick this script after an automatic redial.
You don't need to if you set up the firewall rules on a device and not on an address like the script you posted. The rules can be set up at any time, it doesn't care if the interface is existing or not. If it exists the rules will take care of the traffic. What you can do is edit /etc/rc/config and set up the FW_* and MSQ_* variables like described in the manual, and set the FW_START/MSQ_START to 'yes' to make them active. The firewall then will protect you at the time you are connected and you don't have to think about starting/stopping the firewall. BTW, to remove the rules, which are installed by your script, try this:

    ipfwadm -f -I
    ipfwadm -f -O
    ipfwadm -f -F

ppp 2.3.0 redials automatically just fine, and will accomplish 90% of the time that which Jonathan's script is doing. Since I'm somewhat limited on time, I haven't figured out what signal it takes to "kick" it into redial, other than the fact that if the connection is terminated by the other end, it starts redialing nicely.
You can also use 'diald', which works perfectly for me. (In fact, our office has been connected to the internet via a diald controlled PPP link. But since last week we have our T1 up and running and no dialing is needed any more...:)
And of course, you're all wondering why I don't use the SuSE supplied firewall/MASQ scripts, it's like anything else - you use what you know works. I haven't had time to read the docs and test their scripts, as I'm not sure what some of the values are in rc.config.
They are documented in the manual, and I will try to translate my Mini-Howto into English ASAP...

Ciao, BB

--
Bodo Bauer           S.u.S.E., LLC            fon +1-510-835 7873
bb@suse.de           458 Santa Clara Avenue   fax +1-510-835 7875
http://www.suse.com  Oakland CA, 94610 USA