From: LOEWENTHAL Simon (sloewenthal@gemini.edu)
Date: Tue Jan 24 2006 - 14:33:26 EST
Dear everyone,

I set up ipfilters on a freshly installed Solaris 10 box (SunOS meway
5.10 Generic_118822-25 sun4u sparc SUNW,UltraAX-i2), but all I did
was block ssh, which is the opposite of what I want to achieve.

I would like to drop all but ssh (22) on the virtual interface eri0:1.
eri0:1 is a zone on the server. I would have done this inside the
actual zone, but it seems that zones don't have ipfilter included by
default, as the /etc/ipf directory wasn't created inside the zone.
Perhaps ipfilter doesn't allow filtering across virtual zones? Does
anyone know how I could get this to work?

/etc/ipf/ipf.conf

block in log on eri0:1 all head 100
block out log on eri0:1 all head 150
### Allow inbound SSH connections
pass in quick proto tcp from any to 10.1.5.112 port = 22 keep state group 100
### Allow my box to utilize all UDP, TCP and ICMP services
pass out quick proto tcp all flags S/SA keep state group 150
pass out quick proto udp all keep state group 150
pass out quick proto icmp all keep state group 150

Commented out eri in the pfil.ap

eri -1 0 pfil

One thousand thank-yous in advance.
Regards, S.