IP Filter configuration on Solaris 10

From: Andreas Höschler (ahoesch@smartsoft.de)
Date: Mon Nov 07 2005 - 11:41:19 EST


Dear managers,

I am trying to get IP Filter to work on an upgraded Solaris machine.
Under Solaris 9 the following /etc/ipf/ipf.conf worked well.

block in log on bge2

pass in quick on bge2 proto tcp from any to any port = 22 keep state
pass in quick on bge2 proto tcp from any to any port = 25 keep state
pass in quick on bge2 proto tcp/udp from any to any port = 53 keep state
pass in quick on bge2 proto tcp from any to any port = 80 keep state
pass in quick on bge2 proto tcp from any to any port = 443 keep state
pass in quick on bge2 proto tcp from any to any port = 993 keep state
pass in quick on bge2 proto tcp from any to any port = 995 keep state
pass in quick on bge2 proto tcp from any to any port = 60000 keep state
pass in quick on bge2 proto tcp from any to any port = 60001 keep state
pass in quick on bge2 proto tcp from any to any port = 60002 keep state
pass in quick on bge2 proto tcp from any to any port = 60004 keep state
pass in quick on bge2 proto tcp from any to any port = 60006 keep state
pass in quick on bge2 proto tcp from any to any port = 20020 keep state
pass in quick on bge2 proto tcp from any to any port = 1508 keep state
pass in quick on bge2 proto tcp from any to any port = 61520 keep state
pass in quick on bge2 proto tcp from any to any port = 61521 keep state
pass in quick on bge2 proto tcp from any to any port = 61000 keep state
pass in quick on bge2 proto tcp from any to any port = 47000 keep state
pass in quick on bge2 proto tcp/udp from any to any port = 1194 keep state

pass out quick on bge2 proto tcp/udp from any to any keep state
pass out quick on bge2 proto icmp from any to any keep state

On Solaris 10 not one line is accepted.

...
13:ioctl(add/insert rule): Bad file number
14:ioctl(add/insert rule): Bad file number
16:ioctl(add/insert rule): Bad file number
17:ioctl(add/insert rule): Bad file number
18:ioctl(add/insert rule): Bad file number
21:ioctl(add/insert rule): Bad file number
...

Can anybody send me his config file as an example? Thanks a lot!

Regards,

   Andreas
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers