Hi all, just a minor nit: Over the last few weeks we've updated/patched some systems running early Solaris 10, which came with IPF 4.0.3. Quite a few of these had combo rules like:
pass in on <if> proto tcp/udp from <src> to <dst> port <prt> flags S keep state keep frags After updating (to IPF 4.1.9?) these rules resulted in errors, and we had to either remove the "flags S" part (not valid for UDP) or separate each such rule into a pair of separate TCP and UDP rules. Was this change intentional? If not, easy to reverse? It would be nice if the combo rule just silently ignored the "flags S/..." if processing a UDP packet, but did take it into account when processing a TCP packet. The earlier behaviour is just more convenient. Rgds, Stuart. Stuart Remphrey RMIT ITS Infrastructure Services - Unix Systems Phone (03) 992 55 070 (or extension 55070)
