With the putback of PSARC 2008/580 Solaris host-based firewall, some of our changes to the network/ipfilter service have created design conflicts.
We added config/*_config_file properties to specify the configuration files. Previously, these were hardcoded in the service's script. But host-based firewall added new properties to network/ipfilter. Among other things, specifying our ipf.conf file (e.g. for Automatic and NoNet) requires setting the policy to "custom" and specifying the ipf.conf file as the custom_policy_file. I think the policies for Automatic and NoNet can be specified without custom ipf.conf files (need to do some reading on this). The other properties are still hard-coded.

I am not able to find emails/discussions that decided on using the config/*_config_file properties in network/ipfilter. I only see this thread [1], which talks about locations and security policy, but nothing about the four properties we added.

Does anything else change for us with the introduction of host-based firewalls?

Thanks,
Anurag

[1] http://www.opensolaris.org/jive/thread.jspa?messageID=300470
