Darren Reed wrote:
See:
http://blogs.sun.com/roller/page/avalon?entry=using_ipfilter_between_zones_for

I think you're looking at a different aspect of the problem than Mike
was, Darren.

Correct me if I'm wrong, Mike, but I think he just wants the ability
to protect the zones (via their wholly owned interfaces, that are
configured in the zone level, not globally) from the outside world.
I don't think he was trying to protect them from each other.

I read his message to mean that because ipf was coming up in the
global zone, it wasn't able to understand/filter properly on the
interfaces that were assigned no address in the global zone, but
assigned an address in the "local" zones...

- Chris