Yes Chris, exactly. The interface that is plumbed but not assigned an
address on the global zone will not give an error from IPfilter but will
not filter the traffic for the zones that have addresses configured on
them.
I am not looking to filter traffic between zones just to use the
global zone configuration of IPfilter to filter traffic on the local
zones.
-----Original Message-----
From: Chris Ross [mailto:[EMAIL PROTECTED]
Sent: Friday, July 22, 2005 5:50 PM
To: Darren Reed
Cc: Mike Demarco; [EMAIL PROTECTED]; [email protected]
Subject: Re: Solaris 10 and ipfilter
Darren Reed wrote:
> See:
>
> http://blogs.sun.com/roller/page/avalon?entry=using_ipfilter_between_zones_for
I think you're looking at a different aspect of the problem than Mike
was, Darren.
Correct me if I'm wrong, Mike, but I think he just wants the ability
to protect the zones (via their wholly owned interfaces, that are
configured in the zone level, not globally) from the outside world.
I don't think he was trying to protect them from each other.
I read his message to mean that because ipf was coming up in the
global zone, it wasn't able to understand/filter properly on the
interfaces that were assigned no address in the global zone, but
assigned an address in the "local" zones...
- Chris