Summary: Solaris 10 and IP Filter

From: Andreas Höschler (ahoesch@smartsoft.de)
Date: Wed Nov 09 2005 - 14:54:41 EST


Dear managers,

thanks to

Stefan Varga <Stefan_Varga@tempest.sk>
Andrew Williams <snowman@ican.net>
"Mike Demarco" <mdemarco@suncom.com>
Crist Clark <crist.clark@globalstar.com>
<peter.van.gemert@accenture.com>

who all tried to help and assured me that IP Filter on Solaris actually
works. Since it did not for me in spite of all the given hints, I finally
decided to install Solaris 10 from scratch and voila. I was confirmed
in my assumption that upgrading a machine is not a good idea. It might
work sometimes, but it never did for me, neither with MacOSX nor with
Solaris. My current (successful) approach after a clean install is

        pico /etc/ipf/pfil.ap

        bge -1 0 pfil

        svcadm restart network/pfil

        pico /etc/ipf/ipf.conf

        <some rules>

        pico /etc/ipf/ipnat.conf

        <some rules>

        svcadm disable network/ipfilter
        svcadm enable network/ipfilter
        svcadm restart network/ipfilter

        ifconfig bge2 unplumb
        ifconfig bge2 plumb <address> netmask <netmask> up

Now "svcs -l ipfilter" gives me what I wanted to see and the filter is
doing its job.

Thanks a lot!

Regards,

   Andreas

Original question:
====================================================
I have spent the whole day on trying to get IP Filter to work on a
SunFire 240 with Solaris 10 (upgraded from Solaris 9). First I tried to
(re)build it from source as I usually do (this failed), when I realized
that Solaris 10 is coming with IP Filter (deactivated by default). I
then followed the instructions on
http://docs.sun.com/app/docs/doc/816-4554/6maoq023s?a=view and
uncommented the bge line in /etc/ipf/pfil.ap....
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
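
Added example, not part of the original post: a check for the two things the steps above set up, namely an active pfil entry for the interface's driver in /etc/ipf/pfil.ap and pfil actually sitting in the interface's STREAMS module list. The function names and sample inputs are constructed for illustration; the "<index> <module>" line format of `ifconfig <if> modlist` output is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). All function names are
# hypothetical; the sample inputs below are constructed, not from a real host.

# pfil_drivers: read pfil.ap-format text on stdin and print the driver name
# of every uncommented autopush entry that lists the pfil module,
# e.g. "bge -1 0 pfil" (name, minor, lastminor, modules...).
pfil_drivers() {
    awk '$1 !~ /^#/ && NF >= 4 {
             for (i = 4; i <= NF; i++) if ($i == "pfil") { print $1; break }
         }'
}

# iface_driver IF: strip the trailing instance number (bge2 -> bge).
iface_driver() {
    printf '%s\n' "$1" | sed 's/[0-9]*$//'
}

# iface_covered IF: succeed if the driver of IF has an active pfil entry
# in the pfil.ap-format text on stdin.
iface_covered() {
    pfil_drivers | grep -qx "$(iface_driver "$1")"
}

# modlist_has_pfil: read `ifconfig <if> modlist` output on stdin
# (assumed format: "<index> <module>" per line) and succeed if pfil
# is one of the modules on the stream.
modlist_has_pfil() {
    awk '$2 == "pfil" { found = 1 } END { exit !found }'
}

# Constructed sample inputs.
sample_pfil_ap() {
    printf '%s\n' '#hme -1 0 pfil' 'bge -1 0 pfil' '#ce -1 0 pfil'
}
sample_modlist() {
    printf '%s\n' '0 arp' '1 ip' '2 pfil' '3 bge'
}

# Demo on the samples. On a live host, use instead:
#   iface_covered bge2 < /etc/ipf/pfil.ap
#   ifconfig bge2 modlist | modlist_has_pfil
if sample_pfil_ap | iface_covered bge2 && sample_modlist | modlist_has_pfil; then
    echo "bge2: pfil entry active and pfil present in the stream"
else
    echo "bge2: traffic would bypass IP Filter"
fi
```

An interface that fails the second check is not passing traffic through pfil, so the rules in ipf.conf and ipnat.conf are not applied to it even when "svcs -l ipfilter" reports the service online.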


