Nicolas Williams wrote:

> On Wed, Mar 08, 2006 at 02:39:51PM -0800, Darren Reed wrote:
> > James Carlson wrote:
> > > Bart Smaalders writes:
> > > > The rules in any single ipf.conf file should describe a
> > > > consistent, safe set of ipfilter rules for a single
> > > > operating state.
> > > >
> > > > They should be either all applied or none.
> > >
> > > I don't think it's as simple as that in general.
> > >
> > > Suppose my configuration says this:
> > >
> > > block in quick on foobar0 from ! 192.168.254.0/24 to any
> >
> > A rule will never fail to load because an interface name specified in it
> > doesn't exist at the time it is loaded.  So you can load the above rule,
> > even though it will likely never match anything.  This makes it slightly
> > more susceptible to user-error but in my experience this happens very
> > very infrequently.
>
> Will such rules be installed when such interfaces appear?

Yes.  Or perhaps a better way to think of it is that interface names are
revalidated when an interface is added or removed from Solaris.  This
is nothing new, it's always been that way.

Darren
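Since ipfilter accepts a rule whose "on <interface>" names an interface that does not exist, a typo in an interface name loads cleanly and simply never matches. The following check, added here as an illustration and not part of the thread or of ipfilter itself, lists every interface name referenced in a set of ipf.conf rules that is absent from a list of interfaces present on the host. The rule set and the interface list are constructed samples; the parser assumes the rule syntax shown in the thread, where the interface follows the keyword "on".

```shell
#!/bin/sh
# Added example, not from the thread: find ipf.conf rules that reference an
# interface name not present on the host. ipfilter loads such rules without
# complaint, so a misspelled name silently yields a rule that never matches.

# Constructed sample rules; the first one is the rule quoted in the thread.
# "bg0" is a deliberate typo for "bge0" to show what the check catches.
SAMPLE_RULES='block in quick on foobar0 from ! 192.168.254.0/24 to any
pass in quick on bge0 proto tcp from any to any port = 22 flags S keep state
block out quick on bg0 from any to 10.0.0.0/8
pass out quick on bge0 all'

# Constructed list of interfaces present on the host, one per line. On a live
# Solaris system this would come from the output of "ifconfig -a" (assumed
# form: one "<name>: flags=..." header line per interface).
SAMPLE_IFACES='lo0
bge0'

# missing_ifaces RULES IFACES
#   Prints, sorted and one per line, each interface named after "on" in RULES
#   that does not appear as a whole line in IFACES. Empty output means every
#   referenced interface resolved.
missing_ifaces() {
    rules=$1
    ifaces=$2
    printf '%s\n' "$rules" \
    | awk '{ for (i = 1; i < NF; i++) if ($i == "on") print $(i + 1) }' \
    | LC_ALL=C sort -u \
    | while read -r name; do
          printf '%s\n' "$ifaces" | grep -qx -- "$name" || printf '%s\n' "$name"
      done
}

# Stand-alone run against the constructed samples.
echo "Interfaces referenced in rules but not present on this host:"
missing_ifaces "$SAMPLE_RULES" "$SAMPLE_IFACES"
```

Run on a real host, feed it the actual ipf.conf and the interface list from ifconfig before loading the rules; a non-empty result is worth a second look, because ipfilter will not flag it for you.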

_______________________________________________
networking-discuss mailing list