> An alternative hack is to copy your built pfil over the top of the Sun
> supplied one and use their scripts; but whenever you install a Sun patch
> that updates pfil, yours will be clobbered.
That's exactly right, you nailed it.
This is precisely the reason why one should not modify IPF that comes with
Solaris. In comparison with the non-Solaris version, it's been customized
for Solaris (for example, the SMF stuff) and cramming in the latest non-Sun
version breaks too many things. It's just not worth it. It's cheaper to cough
up $380 per year for Platinum support, call up Sun and have them fix it.
 
Besides, as soon as one replaces the original IPF in Solaris, they will lose
all the patches and fixes Sun delivers, all the integration testing, and their
installation will be clobbered just like you wrote, should they ever perform
a Solaris upgrade.
 
In short: not only does hacking around like this break IPFilter in Solaris, it
also breaks security, and breaks Solaris, thereby cutting off any further
upgrade paths and fixes. It shouldn't be done, no matter what, even if one is
the next Darren Reed.
 
> It would be good if somebody supplied the Sol10 non-legacy svcadm stuff for
> the pfil and ipf packages, but until then....
 
There's nobody better for that than Darren himself.
 