Re: [networking-discuss] [ug-bjosug] To make the ipfilter available must reboot the system?

Mon, 18 Jan 2010 18:43:33 -0800 

Hejun,

You may run into
6893162<http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6893162>,
I think you could try out by enlarging the sleep duration in script
/lib/svc/share/ipf_include.sh:

service_check_state()
{
        #
        # Make sure we're done with ongoing state transition
        #
        while [ "`svcprop -p restarter/next_state $1`" != "$SMF_NONE" ]; do
                sleep 1
        done

        [ "`svcprop -p restarter/state $1`" = "$2" ] && return 0 || return 1
}


-Siwei

On Tue, Jan 19, 2010 at 10:02 AM, Hejun Xu <xuhe...@gmail.com> wrote:

> I find the pfil is removed from OpenSolaris 0906.
> "pfil" is one ipfilter module in Solaris 10.
>
> Another friend sugguest me maybe the cause is my slow CPU make the ipfilter
> service timeout.
>
> But I installed OpenSolaris 0906 on HP DL145G2 server, there is one AMD
> Opteron 2GHz CPU and 2GB physical Memory.
>
> And there is no GUI assistant to help me config the ipfilter on
> OpenSolaris.
>
> -Hejun
>
>
> >
> >
> >  try if following steps work for you.
> >
> > 0,#svcs -a|egrep "pfil|ipf"
> > ????         svc:/network/pfil:default
> > ????           svc:/network/ipfilter:default
> >
> > 1,#ifconfig -a
> >
> >   bge0:...
> >
> > 2,#vi /etc/ipf/pfil.ap
> >  (uncomment bge #)
> >  #...
> >  bge    -1      0       pfil
> >  #...
> >
> > 3,#vi  /etc/ipf/ipf.conf
> >  block oracle in bge
> >  pass sun in bge
> >
> > 4,#svcadm enable svc:/network/pfil:default
> >   #svcadm enable svc:/network/ipfilter:default
> >
> > 5,#svcs pfil
> >   #svcs ipfilter
> >
> > 6,#ipfstat -ionh
> >
> >
> > reference:
> > http://docs.sun.com/app/docs/doc/816-4554/gdwvu?a=view
> > http://blogs.sun.com/tonyn/entry/firewall_configuratio
> > n_in_opensolaris_2009
> >
> >
> >
> > > Date: Thu, 14 Jan 2010 23:05:23 -0800
> > > From: xuhe...@gmail.com
> > > To: ug-bjo...@opensolaris.org
> > > Subject: [ug-bjosug] To make the ipfilter available
> > must reboot the system?
> > >
> > > Dear all,
> > >
> > > I tried to enable the firewall on my OpenSolaris
> > 0906.
> > > I followed the guide to do the belew step:
> > >
> > > $ svcadm enable network/ipfilter
> > > $ svccfg -s network/ipfilter:default setprop
> > firewall_config_default/policy = astring: allow
> > > $ svcadm refresh network/ipfilter
> > >
> > > but the ipfilter is always in maintenance stage.
> > >
> > > I had to reboot my system,then the ipfilter is
> > online.
> > >
> > > I don't know whether there is a bug.
> > >
> > > -Hejun
> > > --
> > > This message posted from opensolaris.org
> >
> > ______________________________________________________
> > __________
> > Hotmail: Powerful Free email with security by
> > Microsoft.
> > http://clk.atdmt.com/GBL/go/196390710/direct/01/
> --
> This message posted from opensolaris.org
> _______________________________________________
> networking-discuss mailing list
> networking-discuss@opensolaris.org
>

_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org

Reply via email to