> Hello everyone, > > I'm new to the list so please forgive me if this is a stupid question > or addressed recently. > > I have a solaris 10 box configured as a router / firewall / nat > box. It works great except with respect to ipv6. IPv6 (6to4) itself > works great. However, it seems that the version of ipfilter bundled > with Solaris 10 (v4.0.2) only supports blocking ipv6 entirely. I > understand that newer versions support IPv6 with the ipf6.conf > file.
There are no such versions yet bundled with Solaris. > For past versions of Solaris I've built and installed > ipfilter. Several months ago I had tried to remove the Solaris bundled > version and replace it with a newer version. (Unfortunately I don't > recall which version.) The results were unpleasant. Frequent system > panics. I wasn't sure whether I had failed to completely remove the > bundled package or if the newer version didn't support solaris 10 yet. Unless you can mention specific versions and what you did, it's hard to diagnose what went wrong or try to troubleshoot the situation. Needless to say, 4.1.8 seems to work reasonably well on S10 if you walk through a specific set of hoops that someone else has documented. > Anyway, to make a long story short I was wondering if ipfilter 4.1.8 > was known to work with Solaris 10 configured as an IPv6 6to4 > relay. I've never tried it, so I can't say. > Also, if there are any tricky steps relating to removing the > bundled version that I should be conscious of. Or if someone has some > insight into Sun's ipfilter upgrade plans for Solaris 10 and know a > patch is on its way. Search amongst the blogs on http://blogs.sun.com for project updates on ipfilter in Solaris. Of course whatever time frame you see there only applies to Solaris express (and OpenSolaris.) Getting code into an update release or similar is not very quick. If you have a support contract, you might be able to cause someone to generate a special patch for you. Darren
