> Firstly, if you were to disable ipfilter using svcadm and rely on
> /etc/rc2.d/S65ipfboot, ipfilter will start too late.
The recipe we're playing with is:
pkgrm SUNWipfu
pkgrm SUNWipfr
svcadm disable network/pfil
install pfil 2.1.5 + patches
install ipfilter 4.1.6
add:
pp::sysinit:/sbin/autopush -f /etc/opt/pfil/iu.ap
to /etc/inittab right after:
ap::sysinit:/sbin/autopush -f /etc/iu.ap
and reply on S65ipfboot to take care of doing the modinsert for the
tunnels.
Comments welcomed.
-- John
PS: Hopefully Sun will release a patch which updates their package
to pfil 2.1.5 / ipfilter 4.1.6 at which point we'll probably switch
back to using SUNWipfr / SUNWipfu.
-------------------------------------------------------------------------
| Feith Systems | Voice: 1-215-646-8000 | Email: [EMAIL PROTECTED] |
| John Wehle | Fax: 1-215-540-5495 | |
-------------------------------------------------------------------------
