Jeff A. Earickson wrote:
The Pros of replacing Sun ipfilter with Darren's latest: 1) You get the latest bug fixes and features of ipfilter.
I guess that makes sense
2) You help humanity by testing the latest version of ipfilter.
but then you might help humanity (at least me :-) ) by getting the Solaris version to work
3) You get the collected beauty and wisdom of this list.
can't argue that
4) You don't have to hassle with Sun support for ipfilter.
Looks like I will have to do that. The main reason I got the Ultra20 with Solaris 10 is for learning. I am told by a sysadmin at work that Solaris 10 is gaining popularity. Since I am now in a group that is almost all Solaris, I need to learn more. While going with the public version would get me more help from the list, I would really like to learn as much as I can about the Solaris 10 way of doing things. From what I have seen so far, Solaris 10 seems quite nice and possibly even easier.
3) The list may not be able to help you with your problem.
I am coming to that conclusion. Perhaps if I ever get this figured out, I can help someone else
I run version 4.1.8 on my Solaris 10 boxes with either pfil 2.1.6 or
I don't even know what version came with my Ultra20
use as a test box with 4.1.9/10. 4.1.9 would hang the system. With 4.1.10 I got mysterious reboots. Then I had to put the V210 into
That doesn't sound good
production. 4.1.8 is rock solid on my V210 and V490 systems, so that's
I will definitely keep that in mind Do you or anyone reading this have experience with both the Solaris 10 way and the public version? When I first started messing with this, I was trying to use the output of fwbuilder but I found that is for Solaris 9 and I am wondering if I messed up what I have in the process. I notice that both svcadm enable ipfilter and ipf -E seem to do something but is that only because ipfilter is still ipfilter even though it is tailored for Solaris 10? http://www.rite-group.com/consulting/solaris_nat.html gives some Solaris 10 advice but I can't even get the simple NAT example working. Damon Register
