howto: pppd closes connection even with incoming traffic now

[f.kater]

Hi,
there seem to be very little topics dealing with active-filter here and what it is good for. I thought I would just describe my experience:

I've got a DSL router running with dial on demand and a timeout of 600 seconds (/etc/ppp/pppoe.conf: DEMAND=600). There is also a firewall (iptables) blocking unallowed input packages.

The problem: Due to large amounts of unrequested incoming packages pppd never terminates the connection. Check your /var/log/syslog (if you log these kind of packages with iptables). It's surprising.

To make the timer count only outgoing traffic and ignore incoming do the following:

(1) Check if your kernel has set CONFIG_PPP_FILTER=y in /usr/src/linux/.config. If not you have to recompile the kernel.
(2) emerge libpcap
(3) Add "activefilter" to your USE var. This will compile ppp with active-filter option.
(4) emerge ppp. If you have it already, do it again.
(5) Add this line to /etc/ppp/options:

[FallenAngel]

Seems you need libpcap-0.7.2, because newer versions no longer support 'outbound' on ppp devices

[f.kater]

True. (And on that machine I even use a kernel version 2.4.x.)

However, how can we upgrade to libpcap-8.x and use outbound filter nevertheless?

Is it true that with newer kernels (>2.6.5) and libpcap-8.x we can set an outbound filter in the kernel again? Did anyone get it to run again?