Glenn Brunette writes:
> Can someone please explain to me what I am doing wrong here. If I
> specify a specific host address (for e1000g0 or disable IP Filter) I
> can SSH out of the global zone, but if I use the default host address
> specification 0/32, I can't.
"0/32" means "all packets that have IP address exactly equal to zero."
That's not the same as "0/0", which means "any IP address", and which
should be equivalent to the keyword "any" in ipf.conf.

    There is a special case for the hostname any, which is taken
    to be 0.0.0.0/0 (mask syntax is discussed below) and matches
    all IP addresses. Only the presence of any has an implied
    mask. In all other situations, a hostname must be accompanied
    by a mask. It is possible to give any a hostmask, but
    in the context of this language, it would accomplish nothing.

> pass out log quick from 0.0.0.0/32 to any keep state keep frags
Not clear what you're trying to do here. Except for a couple of
initial DHCP messages, we don't send much that has the source address
set exactly to 0.0.0.0.
--
James Carlson, Solaris Networking <[email protected]>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
_______________________________________________
networking-discuss mailing list
[email protected]
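
The difference between 0/32, 0/0 and "any" described in the reply above, as an added example that is not part of the original message and is not IP Filter's own parser. It is a small model of address/mask matching; the function names and the sample addresses are constructed for illustration, and the bare "0" shorthand is read as 0.0.0.0, as in the thread.

```python
import ipaddress

def parse_spec(spec):
    """Return (network, mask) as integers for an ipf-style address spec."""
    if spec == "any":
        # Per the quoted manual text: "any" is taken to be 0.0.0.0/0.
        return 0, 0
    host, _, bits = spec.partition("/")
    if not bits:
        raise ValueError("a mask is required for everything except 'any'")
    prefix = int(bits)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    if host == "0":
        # Shorthand used in the thread; assumed here to mean 0.0.0.0.
        host = "0.0.0.0"
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(host)) & mask, mask

def matches(spec, addr):
    """True if addr falls inside the address/mask given by spec."""
    net, mask = parse_spec(spec)
    return (int(ipaddress.IPv4Address(addr)) & mask) == net

# Constructed sample source addresses: the all-zero address (as in the
# initial DHCP messages mentioned above) and two ordinary host addresses.
SAMPLES = ["0.0.0.0", "192.0.2.10", "10.1.2.3"]

def matching_sources(spec):
    """Which of the sample source addresses a 'from <spec>' would match."""
    return [a for a in SAMPLES if matches(spec, a)]

if __name__ == "__main__":
    for spec in ("0/32", "0.0.0.0/32", "0/0", "any", "192.0.2.10/32"):
        print(f"from {spec:<14} matches {matching_sources(spec)}")
```

With a /32 mask every bit of the address must equal the rule's address, so "from 0/32" only matches packets whose source is literally 0.0.0.0; a /0 mask compares no bits at all.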