ipfilter ipf.conf on solaris 10 problems

From: sunlist (sun@oryx.cc)
Date: Fri Sep 16 2005 - 19:01:50 EDT


I am having problems moving from SunScreen 3.2 on Solaris 9 to ipfilter as
shipped with Solaris 10. Aside from struggling with SMF, I continue to get
this error from my ipf.conf file when I try to start the ipfilter service:

syntax error error at "pass", line 24

This is a Sun X1 system running Solaris 10 SPARC + latest cluster patch. My
ipf.conf file is posted at the bottom of this message. Line number 24 is
highlighted, but I can move the rules around, and ipfilter always errors out on
the first "pass in" line.

The odd part of all of this is that this exact configuration has been operational
on a Solaris 9 system for over a year. Also, as you can probably tell from my IP
address assignment, this is an internal test network.

TIA for any comments.

Jerry K

====================================================

ipf.conf file

#!/usr/sbin/ipf -f -
#
# IP Filter Rules
#
# Leave the communications on the loopback interface out of the equation

pass in quick on lo0 all
pass out quick on lo0 all

# Leave the communications on the inside interface alone also

# pass in quick on dmfe1 all
# pass out quick on dmfe1 all

# Leave outgoing sessions alone and keep state
pass out quick proto tcp from any to any flags S/SA keep state keep frags
pass out quick proto udp from any to any keep state keep frags
pass out quick proto icmp from any to any keep state

# INTERNET interface rules
pass out quick on dmfe0

pass in quick on dmfe0 proto icmp from any to 1.1.1.40/32 icmp-type 0 <---line 24
pass in quick on dmfe0 proto icmp from any to 1.1.1.40/32 icmp-type 11
block in quick on dmfe0 proto icmp from any to any

pass in quick on dmfe0 proto udp from any to 1.1.1.40/32 port = 53
pass in quick on dmfe0 proto udp from any to 1.1.1.40/32 port = 123
block in quick on dmfe0 proto udp from any to 1.1.1.40/32 port = 111

pass in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port = 20 keep state
pass in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port = 21 keep state
pass in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port = 22 keep state
pass in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port = 25 keep state
pass in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port = 53 keep state
pass in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port = 80 keep state
block in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port = 514
block in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port = 898
block in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port = 4045
pass in quick on dmfe0 proto tcp from any to 1.1.1.40/32 port > 1024

block in on dmfe0 all
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
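Added example, not from the post or the sunmanagers list: a small Python checker for the rule shape that is worth looking at first here. It assumes the Solaris 10 ipf grammar wants either `all` or a `from ... to ...` clause after the interface, so a bare rule such as `pass out quick on dmfe0` may leave the parser reading on and reporting the syntax error at the next rule's `pass`; the sample rules are reconstructed from the file above and the line numbers count from the top of the file, comments included.

```python
# Lint pass over ipf.conf text: report rules that have neither an 'all'
# keyword nor a 'from ... to ...' clause. Assumption: the ipf parser on
# Solaris 10 needs one of the two, so an incomplete rule can surface as a
# syntax error on the *following* rule line.

ACTIONS = {"pass", "block"}
DIRECTIONS = {"in", "out"}

def check_ipf_rules(text):
    """Return a list of (lineno, rule, reason) for suspicious rules."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        rule = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not rule:
            continue
        words = rule.split()
        if words[0] not in ACTIONS:
            problems.append((lineno, rule, "unknown action %r" % words[0]))
            continue
        if len(words) < 2 or words[1] not in DIRECTIONS:
            problems.append((lineno, rule, "missing in/out after action"))
            continue
        has_all = "all" in words
        has_fromto = ("from" in words and "to" in words
                      and words.index("from") < words.index("to"))
        if not (has_all or has_fromto):
            problems.append((lineno, rule,
                             "no 'all' and no 'from ... to ...' clause"))
    return problems

# Constructed sample: a subset of the posted rules, in their original
# order, keeping the blank line before the first 'pass in' rule.
SAMPLE = """\
#!/usr/sbin/ipf -f -
# IP Filter Rules
pass in quick on lo0 all
pass out quick on lo0 all
pass out quick proto tcp from any to any flags S/SA keep state keep frags
pass out quick proto icmp from any to any keep state
pass out quick on dmfe0

pass in quick on dmfe0 proto icmp from any to 1.1.1.40/32 icmp-type 0
block in quick on dmfe0 proto icmp from any to any
block in on dmfe0 all
"""

if __name__ == "__main__":
    for lineno, rule, reason in check_ipf_rules(SAMPLE):
        print("line %d: %s\n    %s" % (lineno, reason, rule))
```

Run it over /etc/ipf/ipf.conf before enabling the service; `ipf -n -f /etc/ipf/ipf.conf` remains the authoritative syntax check, this only narrows down which line to look at.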



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:31:40 EDT