First of all, YMMV (your mileage may vary)... I found that the installation of IPF (4.0.2, I think) that comes with Solaris 10 has a fairly significant bug. Significant, if you're running a busy site managing stateful connections. The state table, which is of fixed size, doesn't free active connections properly, which results in machine lock-up when capacity is reached.
For this reason, I'd strongly suggest compiling the open source release. There's a great guide which explains how to remove the Sun version and install the open source release at http://www.colby.edu/personal/j/jaearick/sysadmin/sol10.ipfilter.upgrade You may need to modify this procedure slightly if you are compiling for an X64 kernel. There are some notes at http://blogs.sun.com/avalon/entry/ipfilter_4_1_13 which list a few modifications to the build to compile for X64. I'd recommend using Sun's CC compilers, freely available as part of Studio 11, for compilation, as I'm not sure that gcc is supported yet. I'm running IPF 4.1.16 with a few of the latest patches, and pfil 2.1.11. Things work well, except that there appears to be a bug with the FTP NAT proxy, which Darren is looking into. Hope this helps.
