On Sat, 2005-02-12 at 16:47 +1100, Darren Reed wrote: > You need to download pfil & ipf from the web site, unpack and compile > pfil, followed by ipfilter. > > You then manually update all of the binaries on your system with those > created through the compilation steps. Be sure to NOT overwrite the > /usr/sbin/ipf file but only /usr/sbin/sparcv9/ipf, etc. > > Darren >
I had success using pfil and ipfilter from your FTP directory. I compiled pfil and manually copied it to /kernel/drv/. I compiled ipfilter and copied the ipf module to /kernel/drv/ as well together with ipf.conf. Both modules load without errors: bash-3.00# modinfo | grep pfil 115 f9552000 4c44 - 1 pfil (pfil Streams module 2.1) 115 f9552000 4c44 166 1 pfil (pfil Streams driver 2.1) bash-3.00# modinfo | grep ipf 127 f9572000 2d478 165 1 ipf (IP Filter: v4.1.5) After connecting to my ISP I added the pfil module manually to sppp0 (ifconfig sppp0 modinsert [EMAIL PROTECTED]): bash-3.00# ifconfig sppp0 modlist 0 ip 1 pfil 2 sppp And then it works!!! :-) I wonder why there is no ipf module present in Solaris 10 (at least I couldn't find one). Also it seems that I always have to manually insert pfil to sppp0 (or write a script to do it). I had one system freeze after establishing the connection, reloading my ruleset and inserting pfil to sppp0. When sutting down the system panics if sppp0 was up at some point but not otherwise (it seems to be similar to John Cecere's recent post). IMO the testing indicates that the ipfilter version shipped with Solaris 10 is to blame for the problems I had initially. I would like to fill a bug report but I could not find any infomation on Sun's website about how to do it. Thank you Darren for your valuable advices! Kind Regards, Albert
