* Robert Klein wrote on Tue, Mar 19, 2002 at 08:32 +0100:
SuSEfirewall2 needs to be restarted after you got a new IP address. I usually start it in the ip-up script (kernel pppoe).
Hum, and again. Can someone explain any need for this restarting hack, please? I don't see why you shouldn't say accept incoming packets on ppp0 for any IP, so it doesn't matter what IP you have there. Especially on peer-to-peer devices you will get the packets dedicated for you routed only. Even if you would get the wrong packets, the pppd would drop them. And then you can enable rp_filter. And if you really want to drop packets arriving on ppp0 and not matching your IP, you can make a new chain for that and just rewrite a single rule, but I don't see any need for it. If your ip-up accepts any IP the peer assigns, which is usually the way it goes, why adapting the firewall? Either you trust the peer to assign you correct IPs or don't trust (and don't use at all). oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.