For those wanting to play with ipfilter on Solaris 10, you might
like to experiment with these scripts.
THe scripts mainly embody the work that others have already done.
"part1" is what you run before rebooting so you can installing your
own ipfilter/pfil.
"part2" is what you run after you have installed your own ipfilter/pfil.
Darren
#!/bin/sh
cd /usr/sbin
if [ -f pfild.dist -a ! -f pfild ] ; then
cp pfild.dist pfild
fi
cd /lib/svc/method
if [ ! -f pfil -a -f pfil.dist ] ; then
cp -p pfil.dist pfil
fi
if [ ! -f ipfilter -a -f ipfilter.dist ] ; then
cp -p ipfilter.dist ipfilter
fi
cd /etc/rc2.d
if [ -f S65ipfboot ] ; then
rm S65ipfboot
fi
if [ -f S10pfil ] ; then
rm S10pfil
fi
cd ../rcS.d
if [ -f S10pfil ] ; then
rm S10pfil
fi
cd ../init.d
if [ -f ipfboot ] ; then
rm ipfboot
fi
if [ -f pfil ] ; then
rm pfil
fi
cd /etc/ipf
if [ -f pfil.ap.dist -a ! -f pfil.ap ] ; then
cp -p pfil.ap.dist pfil.ap
fi
if [ -f /etc/ipf/pfil.xml ] ; then
svccfg import /etc/ipf/pfil.xml
fi
if [ -f /etc/ipf/ipfilter.xml ] ; then
svccfg import /etc/ipf/ipfilter.xml
fi
svcadm -v enable pfil
cd /etc/opt
if [ -d ipf -d /etc/ipf ] ; then
mv ipf ipf.dist
ln -s /etc/ipf .
fi
svcadm -v enable ipfilter
svccfg export pfil > /etc/ipf/pfil.xml
svccfg export ipfilter > /etc/ipf/pfil.xml
cd /lib/svc/method
if [ -f pfil -a ! pfil.dist ] ; then
cp -p pfil pfil.dist
fi
if [ -f ipfilter -a ! ipfilter.dist ] ; then
cp -p ipfilter ipfilter.dist
fi
cd /etc/ipf
if [ -f pfil.ap -a ! pfil.ap.dist ] ; then
cp -p pfil.ap pfil.ap.dist
fi
cd /usr/sbin/
if [ -f pfild -a ! -f pfild.dist ] ; then
cp -p pfild pfild.dist
fi
svcadm disable pfil
svcadm disable ipfilter
pkgrm SUNWipfu
pkgrm SUNWipfr
rem_drv pfil
rem_drv ipf
