Sean, Odd, since if it's local traffic it should be via lo0, which on Solaris isn't even filtered by pfil; the IP stack short circuits the packet flow as a performance optimisation, in fact the STREAMS module doesn't even get loaded.
Something stuffing up tooltalk perhaps (ttsession et al)? Guess you could try "ifconfig -a modlist", check for pfil, try modinsert [EMAIL PROTECTED] and/or modremove'ing it and seeing how the behaviour changes (or whether it does). We run Solaris 9 and 10, with IP Filter (few versions, 4.1.8 I think is latest), but haven't seen this problem... Rgds, Stuart. >>> "Sean Caron" <[EMAIL PROTECTED]> 30/09/06 7:27 AM >>> On further evaluation, it looks like it might be an issue with "pfil". When I remove the rc scripts that start both pfil and ipf from /etc and move the modules out of their respective directories (/kernel, /usr/kernel), the system starts working normally again. When I just enable pfil -- copy back only those rc scripts and kernel module -- the behaviour starts again. Has anyone seen this before? Or -- is anyone aware of a binary package for pfil? I have found binary packages for ipf -- is this included? I don't recall at the moment and the system is at my office.. but I am pretty sure I remember having to install my own pfil with the binary ipf package that I used, and if my pfil is bad after all, then I probably need to start there. Thanks again, Sean
