
Re: Ping o' Death is killing pppd on my router.....



On Tue, 15 Apr 1997, Dave Cinege wrote:

> That just about sums it up....
> 
> If the router sends, receives or carries a ping flood (ping -f or ping -l 
> 65510) pppd dies. I'm unable to hang-up the modem from anything I do in
> telnet. (serial ports have no DTR line) After I flash the power on the modem
> I can telnet in and "/etc/init.d/ppp start" and everything comes back up.
> 
> 2.0.29 kernel, with Newest IP Masquerade patch. 

Since you're running IP Masq, you've got IP firewalling enabled.  Here's a
little something I use in my /etc/ppp/ip-up to:

1) Turn off ip forward (you might not want to do this in your situation..)
2) Flush the input rules
3) reject *any*  ICMP headed for the ppp0 interface
4) reject tcp/udp packets headed for privileged ports on my ppp0 addr.

I use that fun awk stuff since my dialup is a dynamically assigned IP
address.

PPP_ADDR=`ifconfig ppp0|grep inet|awk -F: '{print $2}'|awk -F " " '{print $1}'`

ipfwadm -F -p deny
ipfwadm -I -f
ipfwadm -I -a reject -b -P icmp -S 0.0.0.0/0 -D ${PPP_ADDR}/32
ipfwadm -I -a reject -b -P tcp -S 0.0.0.0/0 -D ${PPP_ADDR}/32 1:1023
ipfwadm -I -a reject -b -P udp -S 0.0.0.0/0 -D ${PPP_ADDR}/32 1:1023


Jason Costomiris                 | Finger for PGP 2.6.2 Public Key
jcostom@sjis.com                 | "There is a fine line between idiocy
My employers like me, but not	 | and genius.  We aim to erase that line"
enough to let me speak for them. |			--Unknown

	        	http://www.jasons.org/~jcostom
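
An added example, not part of the original message: if the awk pipeline above returns nothing, the script has already flushed the input rules and then passes "-D /32" to ipfwadm. This sketch checks the address first and prints the same five commands instead of running them; the function names and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the dynamically assigned ppp0 address before
# building the ipfwadm rules from the message above.

# Constructed sample of old-style ifconfig output (not from a real host).
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.0.2.17  P-t-P:192.0.2.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1'

# extract_ppp_addr (hypothetical name): read ifconfig output on stdin and
# print the local address from the "inet addr:" line.
extract_ppp_addr() {
    awk '/inet addr:/ { split($2, a, ":"); print a[2]; exit }'
}

# is_ipv4 (hypothetical name): succeed only for a dotted quad whose
# octets are all decimal and no larger than 255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# build_rules (hypothetical name): print the ipfwadm commands for a valid
# address; on a bad address print nothing, so nothing gets flushed.
build_rules() {
    addr=$1
    is_ipv4 "$addr" || { echo "ip-up: bad ppp0 address '$addr'" >&2; return 1; }
    echo "ipfwadm -F -p deny"
    echo "ipfwadm -I -f"
    for proto in icmp tcp udp; do
        ports=""
        [ "$proto" = icmp ] || ports=" 1:1023"
        echo "ipfwadm -I -a reject -b -P $proto -S 0.0.0.0/0 -D ${addr}/32${ports}"
    done
}

PPP_ADDR=$(printf '%s\n' "$SAMPLE_IFCONFIG" | extract_ppp_addr)
build_rules "$PPP_ADDR"
```

pppd also passes the local address to /etc/ppp/ip-up as its fourth argument, so build_rules "$4" would avoid parsing ifconfig at all.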

