Andrey wrote:
Past build 56 you need to use the ipf command to set the IP Filter tunables.
For instance invoke this
ipf -T fr_tcphalfclosed=1200
I've tried that, but it does not work either:
ipf -T fr_tcphalfclosed
fr_tcphalfclosed min 0x1 max 0x7fffffff current 14400
ipf -T fr_tcphalfclosed=1200
ioctl(SIOCIPFSET): Device busy
ipf -D -T fr_tcphalfclosed=1200 -E
ipf -T fr_tcphalfclosed
fr_tcphalfclosed min 0x1 max 0x7fffffff current 14400
The previous command breaks ipf somehow (I think all rules are lost) but
restart helps to get them back.
However, I was able to set the variable while ipf was disabled, but after
enabling, all default values come back.
ipf -D
ipf -T fr_tcphalfclosed
fr_tcphalfclosed min 0x1 max 0x7fffffff current 14400
ipf -T fr_tcphalfclosed=1200
ipf -T fr_tcphalfclosed
fr_tcphalfclosed min 0x1 max 0x7fffffff current 1200
ipf -E
ipf -T fr_tcphalfclosed
fr_tcphalfclosed min 0x1 max 0x7fffffff current 14400
Hmmm, that's a bug of sorts...and I can see the cause straight
away in fr_state_init(), introduced by IP instances...there are
probably lots of other "friends" for this particular bug.
This works with Solaris 10 Update 3, so unless you're wedded
to using opensolaris, you might want to try moving back to
Solaris 10 Update 3.
Darren
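
An added example, not part of the original thread: a small POSIX shell check that parses output in the format `ipf -T <name>` prints above and reports when the live value differs from the intended one, which is how the reset after `ipf -E` would show up in a boot-time or monitoring script. The function names `is_num` and `tunable_status` and the sample variable are hypothetical; the sample line is constructed from the output shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): flag IP Filter tunables whose live
# value differs from the intended one, e.g. after "ipf -E" restores defaults.

# Constructed sample in the format "ipf -T <name>" prints in the thread.
SAMPLE_OUTPUT='fr_tcphalfclosed min 0x1 max 0x7fffffff current 14400'

# is_num VALUE: accept only decimal or 0x-prefixed hex, so that nothing
# unexpected reaches shell arithmetic. Leading-zero decimals are rejected
# because the shell would read them as octal.
is_num() {
    case $1 in
        0x*) case ${1#0x} in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
        0[0-9]*) return 1 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
}

# tunable_status NAME WANT OUTPUT
# Prints one of: ok | drift <current> | out-of-range | missing | unparsable
# Returns 0 only for "ok".
tunable_status() {
    ts_name=$1; ts_want=$2
    ts_line=$(printf '%s\n' "$3" | awk -v n="$ts_name" '$1 == n { print; exit }')
    [ -n "$ts_line" ] || { echo missing; return 3; }
    # Expected fields: <name> min <min> max <max> current <cur>
    read -r ts_skip k1 ts_min k2 ts_max k3 ts_cur ts_rest <<EOF
$ts_line
EOF
    if [ "$k1" != min ] || [ "$k2" != max ] || [ "$k3" != current ] ||
       ! is_num "$ts_want" || ! is_num "$ts_min" ||
       ! is_num "$ts_max" || ! is_num "$ts_cur"; then
        echo unparsable; return 4
    fi
    # A wanted value outside the advertised range can never be applied.
    if [ $(($ts_want)) -lt $(($ts_min)) ] || [ $(($ts_want)) -gt $(($ts_max)) ]; then
        echo out-of-range; return 2
    fi
    if [ $(($ts_cur)) -eq $(($ts_want)) ]; then
        echo ok; return 0
    fi
    echo "drift $(($ts_cur))"; return 1
}

# Demo on the constructed sample; on a live system pass "$(ipf -T fr_tcphalfclosed)".
tunable_status fr_tcphalfclosed 1200 "$SAMPLE_OUTPUT" || true
```

Running the check again after every `ipf -E` catches the case reported here, where the value reads back as 1200 while the filter is disabled and as 14400 once it is enabled.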