![[Blue Ribbon Campaign icon]](http://br.eff.org/br.png)
last modified: Tuesday, 23-Feb-2010 15:42:09 CET
to be always online, install the script /etc/ppp/ip-down.d/99-max_always-online:
#!/bin/sh # /etc/ppp/ip-down.d/99-max_always-online: # # this script immediately re-dials the connection after it has been torn down. # If pppconfig or isdnctrl have been removed we are not supposed to do anything. test -f /usr/sbin/pppconfig || exit 1 test -f /usr/sbin/isdnctrl || exit 1 /usr/sbin/isdnctrl dial ippp0
i modified /etc/ppp/ip-up.d/00-ipppd in order to call the script inet_chains correctly:
#!/bin/sh
#/etc/ppp/ip-up.d/00-ipppd
####################################################################
# max -- 02-01-27
# call linux-user's inet_chains from this file to SET UP ipchains
#
# the script /etc/ppp/ip-up was called with the following arguments:
# Arg Name Example
# $1 Interface name ppp0
# $2 The tty ttyS1
# $3 The link speed 38400
# $4 Local IP number 12.34.56.78
# $5 Peer IP number 12.34.56.99
# $6 Optional ``ipparam'' value foo
#
#
# and made them accessible through an export of the following varialbes:
# (these variables are for the use of the scripts run by run-parts,
# such as this one)
#
# PPP_IFACE="$1"
# PPP_TTY="$2"
# PPP_SPEED="$3"
# PPP_LOCAL="$4"
# PPP_REMOTE="$5"
# PPP_IPPARAM="$6"
#
# call linux-user's inet_chains below with the following command:
# /etc/ppp/inet_chains up $PPP_IFACE a-device_not-needed $PPP_SPEED $PPP_LOCAL $PPP_REMOTE
#
####################################################################
# example /etc/ppp/ip-up.d script for use with ipppd and dynamic IP numbers.
# Edit / add to the entries to suit the requirements of the interface.
# Use the network to enable the IP dynamic hack to reset old connections
# (otherwise the RST-provoking packet can't get out).
# For a smaller set of dynamic numbers:
# PPP_NET=`echo $PPP_LOCAL | sed 's,\.[0-9]*$,.0/24,'`
# in case your ISP has a large pool of dynamic numbers (should be OK):
PPP_NET=`echo $PPP_LOCAL | sed 's,\.[0-9]*\.[0-9]*$,.0.0/16,'`
case "$PPP_IFACE" in
ippp0) route del default
route add default netmask 0 $PPP_IFACE # usually necessary
# max -- set up ipchains:
/etc/ppp/inet_chains up $PPP_IFACE a-device_not-needed $PPP_SPEED $PPP_LOCAL $PPP_REMOTE
# log it:
/bin/echo "`date` -- UP -- $PPP_LOCAL" >> /ISDN-LOG.txt
###########################################################
# debian-defaults:
#
# The next lines are for firewalling.
# See comments in /etc/isdn/device.* about firewalling!
#ipchains -D input -j DENY -i $PPP_IFACE 2>/dev/null
#ipchains -A input -j ACCEPT -i $PPP_IFACE -p TCP -d $PPP_NET 1000:
#ipchains -A input -j ACCEPT -i $PPP_IFACE -p TCP -d $PPP_NET ssh
#ipchains -A input -j ACCEPT -i $PPP_IFACE -p TCP -d $PPP_NET smtp
#ipchains -A input -j ACCEPT -i $PPP_IFACE -p TCP -d $PPP_NET ident
#ipchains -A input -j ACCEPT -i $PPP_IFACE -p UDP -d $PPP_NET 1024:
#ipchains -A input -j ACCEPT -i $PPP_IFACE -p ICMP -d $PPP_NET
#ipchains -A input -j DENY -i $PPP_IFACE
###########################################################
;;
# add more ipppX cases if you need them...
esac
in order delete the chains after isdn has hang up, the script /etc/ppp/ip-down.d/99-ipppd looks like the following:
#!/bin/sh
#/etc/ppp/ip-down.d/99-ipppd
####################################################################
# max -- 02-01-27
# call linux-user's inet_chains from this file to DELETE ipchains
#
# the script /etc/ppp/ip-up was called with the following arguments:
# Arg Name Example
# $1 Interface name ppp0
# $2 The tty ttyS1
# $3 The link speed 38400
# $4 Local IP number 12.34.56.78
# $5 Peer IP number 12.34.56.99
# $6 Optional ``ipparam'' value foo
#
#
# and made them accessible through an export of the following varialbes:
# (these variables are for the use of the scripts run by run-parts,
# such as this one)
#
# PPP_IFACE="$1"
# PPP_TTY="$2"
# PPP_SPEED="$3"
# PPP_LOCAL="$4"
# PPP_REMOTE="$5"
# PPP_IPPARAM="$6"
#
# call linux-user's inet_chains below with the following command:
# /etc/ppp/inet_chains down $PPP_IFACE a-device_not-needed $PPP_SPEED $PPP_LOCAL $PPP_REMOTE
#
####################################################################
# example /etc/ppp/ip-down.d script for use with ipppd and dynamic IP numbers.
# Edit / add to the entries to suit the requirements of the interface.
# Use the network to enable the IP dynamic hack to reset old connections.
# For a smaller set of dynamic numbers:
# PPP_NET=`echo $PPP_LOCAL | sed 's,\.[0-9]*$,.0/24,'`
# in case your ISP has a large pool of dynamic numbers (should be OK):
PPP_NET=`echo $PPP_LOCAL | sed 's,\.[0-9]*\.[0-9]*$,.0.0/16,'`
case "$PPP_IFACE" in
ippp0) route del default
route add default netmask 0 $PPP_IFACE # usually necessary
# max -- set up ipchains:
/etc/ppp/inet_chains down $PPP_IFACE a-device_not-needed $PPP_SPEED $PPP_LOCAL $PPP_REMOTE
# log it:
/bin/echo "`date` -- DOWN -- $PPP_LOCAL" >> /ISDN-LOG.txt
###########################################################
# debian-defaults:
#
# The next lines are for firewalling.
# See comments in /etc/isdn/device.* about firewalling!
#ipchains -D input -j ACCEPT -i $PPP_IFACE -p TCP -d $PPP_NET 1000:
#ipchains -D input -j ACCEPT -i $PPP_IFACE -p TCP -d $PPP_NET ssh
#ipchains -D input -j ACCEPT -i $PPP_IFACE -p TCP -d $PPP_NET smtp
#ipchains -D input -j ACCEPT -i $PPP_IFACE -p TCP -d $PPP_NET ident
#ipchains -D input -j ACCEPT -i $PPP_IFACE -p UDP -d $PPP_NET 1024:
#ipchains -D input -j ACCEPT -i $PPP_IFACE -p ICMP -d $PPP_NET
#ipchains -D input -j DENY -i $PPP_IFACE
;;
# add more ipppX cases if you need them...
esac