Greetings,
I've been using ipfilter since early version 3 (maybe ten years) and got
out of the habit of building it myself when Sun included it in S10.
Mistake!
Following a succession of annoying problems, I finally felt moved to
build 4.1.32 for my ancient sparc firewall -- it's an ultra5 -- and have
some observations about the process.
1. The docs say don't use gmake and don't build the package. These both
used to work well enough, what changed?
2. I had some difficulty building it. buildsunos script insisted on
attempting to build 32 bit exes and failing. Why? Not needed on sun4u.
In the end I simply edited it to set BUILDBOTH=false.
3. I don't want a compilation environment on my firewall anyway. I was
forced to NFS mount from my dev server on the firewall, and run
SunOS5/replace -f from there after building.
4. This in turn spewed lots of error messages (no such file or
directory) while apparently trying to update header files (was doing
something else and not paying a great deal of attention). Surprising.
5. Nevertheless, and possibly even more surprising, replace -f 'just
worked' and the slowness and complete failure to do GRE/pptp--which
motivated this whole exercise--are resolved.
I'm seeing no plaintive console messages and the system seems stable and
functional. The only niggle now is that state top doesn't seem to get
built by default so no ipfstat -t.
I'll live.
The distro version of ipf in solaris 10U9 is 4.1.9. This is way behind
the curve and (plainly) quite badly broken. What on earth is Oracle
playing at here?
By contrast, ipf4.1.3 on my old ultra 2 box--which the U5
replaces--kinda sorta worked.
Anyway, happy again and thanks to all who work on this most excellent
piece of software.
One question though--if I decide to rebuild ipf for state top, and run
replace -f again, will it work twice?
--
::
Charles Meo
Solution Architect
Remora Technologies Pty Ltd
www.remora.com.au
Level 6, 685 Burke Road, Camberwell VIC 3124
E [email protected]
T 03 8080 5777
F 03 8080 5778
M 0409 258 471
::
