Siwei,

When I rebooted my system, this issue for ipfilter could not be reproduced. But before I tried ipfilter, I spent much time on the installation of Xen and a Linux domU. Maybe Xen affects the ipfilter service. I think your suggestion is the cause for this issue. I will test it when I install a new OpenSolaris system.

Thanks
-Hejun

> Hejun,
>
> You may run into 6893162
> (http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6893162),
> I think you could try out by enlarging the sleep duration in script
> /lib/svc/share/ipf_include.sh:
>
> service_check_state()
> {
>         #
>         # Make sure we're done with ongoing state transition
>         #
>         while [ "`svcprop -p restarter/next_state $1`" != "$SMF_NONE" ]; do
>                 sleep 1
>         done
>
>         [ "`svcprop -p restarter/state $1`" = "$2" ] && return 0 || return 1
> }
>
> -Siwei
>
> On Tue, Jan 19, 2010 at 10:02 AM, Hejun Xu <xuhe...@gmail.com> wrote:
> > I find the pfil is removed from OpenSolaris 0906.
> > "pfil" is one ipfilter module in Solaris 10.
> >
> > Another friend suggested that maybe the cause is my slow CPU making the
> > ipfilter service time out.
> >
> > But I installed OpenSolaris 0906 on an HP DL145G2 server, there is one AMD
> > Opteron 2GHz CPU and 2GB physical memory.
> >
> > And there is no GUI assistant to help me configure ipfilter on
> > OpenSolaris.
> >
> > -Hejun
> >
> > > try if following steps work for you.
> > >
> > > 0,#svcs -a|egrep "pfil|ipf"
> > > ???? svc:/network/pfil:default
> > > ???? svc:/network/ipfilter:default
> > >
> > > 1,#ifconfig -a
> > >
> > > bge0:...
> > >
> > > 2,#vi /etc/ipf/pfil.ap
> > > (uncomment bge #)
> > > #...
> > > bge -1 0 pfil
> > > #...
> > >
> > > 3,#vi /etc/ipf/ipf.conf
> > > block oracle in bge
> > > pass sun in bge
> > >
> > > 4,#svcadm enable svc:/network/pfil:default
> > > #svcadm enable svc:/network/ipfilter:default
> > >
> > > 5,#svcs pfil
> > > #svcs ipfilter
> > >
> > > 6,#ipfstat -ionh
> > >
> > > reference:
> > > http://docs.sun.com/app/docs/doc/816-4554/gdwvu?a=view
> > > http://blogs.sun.com/tonyn/entry/firewall_configuration_in_opensolaris_2009
> > >
> > > > Date: Thu, 14 Jan 2010 23:05:23 -0800
> > > > From: xuhe...@gmail.com
> > > > To: ug-bjo...@opensolaris.org
> > > > Subject: [ug-bjosug] To make the ipfilter available must reboot the system?
> > > >
> > > > Dear all,
> > > >
> > > > I tried to enable the firewall on my OpenSolaris 0906.
> > > > I followed the guide to do the below step:
> > > >
> > > > $ svcadm enable network/ipfilter
> > > > $ svccfg -s network/ipfilter:default setprop firewall_config_default/policy = astring: allow
> > > > $ svcadm refresh network/ipfilter
> > > >
> > > > but the ipfilter is always in maintenance stage.
> > > >
> > > > I had to reboot my system, then the ipfilter is online.
> > > >
> > > > I don't know whether there is a bug.
> > > >
> > > > -Hejun

--
This message posted from opensolaris.org
_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org
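
Added example, not part of the original thread or of the OpenSolaris scripts: the wait loop quoted above polls restarter/next_state with no upper bound, so this version puts a timeout on the same wait and reports why the service did not come online after a refresh. The function names, the timeout argument and the value "none" for an idle next_state are assumptions of this example; it expects a POSIX shell.

```sh
#!/bin/sh
# Added example (not from ipf_include.sh): bounded wait on an SMF transition.
# Assumption: restarter/next_state reads "none" once no transition is pending.
# wait_for_state, refresh_and_verify and their arguments are hypothetical names.

SMF_NONE="none"

# wait_for_state FMRI WANTED [TIMEOUT_SECONDS]
# Returns 0 if FMRI settled in WANTED, 1 if it settled in another state
# (for example maintenance), 2 if it was still transitioning at the timeout.
wait_for_state()
{
	fmri=$1; wanted=$2; timeout=${3:-30}
	waited=0
	while [ "$(svcprop -p restarter/next_state "$fmri")" != "$SMF_NONE" ]; do
		if [ "$waited" -ge "$timeout" ]; then
			echo "$fmri: still transitioning after ${timeout}s" >&2
			return 2
		fi
		sleep 1
		waited=$((waited + 1))
	done
	state=$(svcprop -p restarter/state "$fmri")
	if [ "$state" != "$wanted" ]; then
		echo "$fmri: state is $state, wanted $wanted" >&2
		return 1
	fi
	return 0
}

# refresh_and_verify FMRI [TIMEOUT_SECONDS]
# Refreshes the service, waits for it to settle online, and on failure prints
# the SMF explanation, which names the service log to read.
refresh_and_verify()
{
	svcadm refresh "$1" || return 3
	rc=0
	wait_for_state "$1" online "${2:-30}" || rc=$?
	[ "$rc" -eq 0 ] || svcs -xv "$1" >&2
	return "$rc"
}

# Usage on the host: refresh_and_verify svc:/network/ipfilter:default 60
```

A return code of 1 separates "settled in maintenance" from 2, "restarter still busy", which is the distinction the timing discussion in this thread turns on.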