Shouldn't I be able to use ipfilter rules to block traffic to xvm guests on the guest's vnic?
If I create a guest and add a filter rule to block all incoming traffic, I can still ssh into the guest. Why? It doesn't seem to matter if the vnic was created before or after the guest.

Is this related to 6778531?
http://monaco.sfbay.sun.com/detail.jsf?cr=6778531

Fred

-----------------------
> # dladm show-vnic
> LINK OVER SPEED MACADDRESS MACADDRTYPE VID
> vnic0 bge1 1000 0:16:3e:39:19:3f fixed 0
> # ipfstat -io
> empty list for ipfilter(out)
> block in on vnic0 from any to any
