On Mon, 15 May 2006, Toby Chappell wrote:
Date: Mon, 15 May 2006 16:37:50 -0400
From: Toby Chappell <[EMAIL PROTECTED]>
To: [email protected]
Subject: Sun's support of IPF
Does Sun have an 'official' position on ripping out their version and
running your own?
Probably, but I can't speak for Sun. I'll bet their position is "yer
on yer own, son".
Does anyone have any experience dealing with Sun where
it became known that you were running a different version than theirs
(i.e., Sun tried to blame that for some other problem)?
I've run Ipfilter 3.x on Solaris 8 and S9 boxes for several years, and
now Ipfilter 4.x on S10 boxes. Systems occasionally panic; most often
in my opinion from bad hardware. However, Sun's first reaction when
they look at the traceback from the crash dump is to blame ipfilter;
ipfilter always shows up near the top of the traceback because it is
loaded into the kernel and active. So they point the finger there.
I've usually been able to convince them that it was bad hardware due
to other evidence, eg parity errors, lom output, etc. If ipfilter really
does cause a panic or hang, it is usually obvious. The system dies right
after ipfilter is loaded and there is discussion about the issue on the
ipfilter list. Sun need not get involved...
Our university IT management are somewhat uncomfortable with...
But are you uncomfortable with your Sun hanging out there in the
breeze, waiting to be poked by every hacker on the planet? I sure
am. I need the protection of ipfilter more than I need management's
blessing. I can get away with this attitude due to the local politics
and the fact that IPfilter has been rock solid for many years. If
ipfilter-using machines fell over all the time I would scrap it.
Test it on less critical systems until you and the bosses feel
comfortable with it. That's what I did when I first starting using
Darren's superlative contribution to humanity.
Jeff Earickson
Colby College
