Hejun, This could be another separate issue, see:
http://defect.opensolaris.org/bz/show_bug.cgi?id=12694 The relevant fix has been integrated into osol_129.. Since this issue is one shot which would not show up again across system reboot, you do not need to get your system upgraded to 129. Cheers, -Siwei On Wed, Jan 20, 2010 at 1:11 PM, Hejun Xu <xuhe...@gmail.com> wrote: > Siwei, > > I met the another issue like the ipfilter which can't be enabled at once. > When I tried to enable stmf (COMSTAR) service, > it ran into the "maintenance status", > there is one warning "svc-stmf: unable to load config" in the log. > But when I rebooted my system, the service of STMF is ok again. > > It's very like the issue which I met the issuse for the ipfilter service. > So I think maybe the cause is for Xen on OpenSolaris, > because my OpenSolaris is running as the Xen dom0. > > -Hejun > > > > Siwei, > > > > When I rebooted my system, this issue for ipfilter > > can't be represented. > > But before I tried the ipfilter, I spent many time on > > installation of Xen and > > Linux domU. > > Maybe the Xen affect the ipfilter service. > > I think your suggestion is the cause for this issue. > > I will test it when I install new OpenSolaris > > system. > > > > Thanks > > > > -Hejun > > > > > <div id="jive-html-wrapper-div"> > > > Hejun,<br><br>You may run into <a > > > > > href="http://bugs.opensolaris.org/bugdatabase/view_bug > > > > > .do?bug_id=6893162"> 6893162</a>, I think you > > could > > > try out by enlarging the sleep duration in script > > > /lib/svc/share/ipf_include.sh:<br> > > > <br>service_check_state()<br>{<br> > > > #<br> # Make sure we're done with > > ongoing > > > state transition<br> #<br> while [ > > > "`svcprop -p restarter/next_state $1`" > > != > > > "$SMF_NONE" ]; do<br> > > > sleep 1<br> > > > done<br><br> [ "`svcprop -p > > > restarter/state $1`" = "$2" ] > > > && return 0 || return > > > 1<br>}<br><br><br>-Siwei<br><br><div > > > class="gmail_quote">On Tue, Jan 19, 2010 at 10:02 > > AM, > > > Hejun Xu <span dir="ltr"><<a > > > > > href="mailto:xuhe...@gmail.com";>xuhe...@gmail.com</a>& > > > > > gt;</span> wrote:<br> > > > <blockquote class="gmail_quote" style="margin: 0pt > > > 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, > > 204, > > > 204); padding-left: 1ex;">I find the pfil is > > removed > > > from OpenSolaris 0906.<br> > > > "pfil" is one ipfilter module in Solaris > > > 10.<br> > > > <br> > > > Another friend sugguest me maybe the cause is my > > slow > > > CPU make the ipfilter service timeout.<br> > > > <br> > > > But I installed OpenSolaris 0906 on HP DL145G2 > > > server, there is one AMD Opteron 2GHz CPU and 2GB > > > physical Memory.<br> > > > <br> > > > And there is no GUI assistant to help me config > > the > > > ipfilter on OpenSolaris.<br> > > > <br> > > > -Hejun<br> > > > <br> > > > <br> > > > ><br> > > > ><br> > > > > try if following steps work for you.<br> > > > > <br> > > > > 0,#svcs -a|egrep "pfil|ipf"<br> > > > > ???? svc:/network/pfil:default<br> > > > > ???? > > svc:/network/ipfilter:default<br> > > > ><br> > > > > 1,#ifconfig -a<br> > > > ><br> > > > > bge0:...<br> > > > ><br> > > > > 2,#vi /etc/ipf/pfil.ap<br> > > > > (uncomment bge #)<br> > > > > #...<br> > > > > bge -1 0 pfil<br> > > > > #...<br> > > > ><br> > > > > 3,#vi /etc/ipf/ipf.conf<br> > > > > block oracle in bge<br> > > > > pass sun in bge<br> > > > ><br> > > > > 4,#svcadm enable > > svc:/network/pfil:default<br> > > > > #svcadm enable > > > svc:/network/ipfilter:default<br> > > > ><br> > > > > 5,#svcs pfil<br> > > > > #svcs ipfilter<br> > > > ><br> > > > > 6,#ipfstat -ionh<br> > > > ><br> > > > ><br> > > > > reference:<br> > > > > <a > > > > > href="http://docs.sun.com/app/docs/doc/816-4554/gdwvu? > > > > > a=view" > > > > > target="_blank">http://docs.sun.com/app/docs/doc/816-4 > > > > > 554/gdwvu?a=view</a><br> > > > > <a > > > > > href="http://blogs.sun.com/tonyn/entry/firewall_config > > > > > uratio" > > > > > target="_blank">http://blogs.sun.com/tonyn/entry/firew > > > > > all_configuratio</a><br> > > > > n_in_opensolaris_2009<br> > > > ><br> > > > ><br> > > > ><br> > > > > > Date: Thu, 14 Jan 2010 23:05:23 > > -0800<br> > > > > > From: <a > > > > > href="mailto:xuhe...@gmail.com";>xuhe...@gmail.com</a>< > > > > > br> > > > > > To: <a > > > > > href="mailto:ug-bjo...@opensolaris.org";>ug-bjo...@open > > > > > solaris.org</a><br> > > > > > Subject: [ug-bjosug] To make the > > ipfilter > > > available<br> > > > > must reboot the system?<br> > > > <div class="im">> ><br> > > > > > Dear all,<br> > > > > ><br> > > > > > I tried to enable the firewall on my > > > OpenSolaris<br> > > > > 0906.<br> > > > > > I followed the guide to do the belew > > > step:<br> > > > > ><br> > > > > > $ svcadm enable network/ipfilter<br> > > > > > $ svccfg -s network/ipfilter:default > > > setprop<br> > > > > firewall_config_default/policy = astring: > > > allow<br> > > > > > $ svcadm refresh network/ipfilter<br> > > > > ><br> > > > > > but the ipfilter is always in > > maintenance > > > stage.<br> > > > > ><br> > > > > > I had to reboot my system,then the > > ipfilter > > > is<br> > > > > online.<br> > > > > ><br> > > > > > I don't know whether there is a > > > bug.<br> > > > > ><br> > > > > > -Hejun<br> > > > > > --<br> > > > > > This message posted from <a > > > href="http://opensolaris.org"; > > > target="_blank">opensolaris.org</a><br> > > > ><br> > > > </div>> > > > > > ______________________________________________________ > > > > > <br> > > > > __________<br> > > > > Hotmail: Powerful Free email with security > > > by<br> > > > > Microsoft.<br> > > > > <a > > > > > href="http://clk.atdmt.com/GBL/go/196390710/direct/01/ > > > > > " > > > > > target="_blank">http://clk.atdmt.com/GBL/go/196390710/ > > > > > direct/01/</a><br> > > > <div><div></div><div class="h5">--<br> > > > This message posted from <a > > > href="http://opensolaris.org"; > > > target="_blank">opensolaris.org</a><br> > > > > > _______________________________________________<br> > > > networking-discuss mailing list<br> > > > <a > > > > > href="mailto:networking-discuss@opensolaris.org";>netwo > > > > > > > rking-disc...@opensolaris.org</a></div></div></blockqu > > > > > ote></div><br> > > > > > > > > </div>_______________________________________________ > > > networking-discuss mailing list > > > networking-discuss@opensolaris.org > -- > This message posted from opensolaris.org > _______________________________________________ > networking-discuss mailing list > networking-discuss@opensolaris.org >
_______________________________________________ networking-discuss mailing list networking-discuss@opensolaris.org
