As we change the way ipfilter config files are specified in the SMF script, I think the way we save and represent the configuration files (ipf, ipf6, ipnat, ippool) for the Legacy location should change.

Currently, we copy the respective configuration file (from /etc/ipf/) to /etc/nwam/loc/Legacy and use the respective location property to point to the file in /etc/nwam/loc/Legacy. This presents a problem when going from NWAM to Legacy mode. Since we have made copies of the files, we don't know the original location of the files. The Legacy location is deleted and its files should be removed when switching out of NWAM.

Here's how I think this solves the problem. We still make copies of the configuration files. But the location property doesn't point to the copied file. It will save the original location of the file.

For example, assume that config/ipf6_config_file in ipfilter is /etc/ipf/myipf6.conf. On NWAM start (i.e., legacy location creation):

1. cp /etc/ipf/myipf6.conf /etc/nwam/loc/Legacy/
2. set ipfilter-v6-config-file=/etc/ipf/myipf6.conf (this used to be /etc/nwam/loc/Legacy/myipf6.conf)

When reverting back from nwam to non-nwam case, the ipfilter-v6-config-file tells us where to copy the /etc/nwam/loc/Legacy/myipf6.conf file.

Any comments on this?

On a related but different note ... ipf.conf still presents a bit of a problem. If the firewall policy is "custom", then the custom_policy_file will be treated just like the other config/*_config_file property (copying the file and remembering the original location in the ipfilter-config-file property). But if the firewall policy is not custom (either none, allow, or deny), the Legacy location must save this value. I am thinking that this value also be saved in the ipfilter-config-file property. Since the property requires a filename starting with "/", the policy value would be saved as /none or /allow or /deny. Then, when going from nwam to non-nwam, the ipfilter-config-file property is first checked if it is one of the above and if so, sets the firewall policy.

The only other way I can think of doing this is to add a new property for use by Legacy location only (don't like it at all). Any ideas here?

Anurag
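The save and revert steps for ipfilter-config-file proposed in the message above, as an added shell sketch that is not from the original post or from NWAM. The function names, the ROOT scratch prefix and the flat files standing in for location properties are assumptions; the sketch also refuses a custom policy file whose path is exactly /none, /allow or /deny, since the stored value could not be told apart from a policy name on revert.

```shell
#!/bin/sh
# Added sketch: flat files stand in for NWAM location properties (assumption).
# ROOT is a scratch prefix so nothing touches the real /etc.
ROOT=${ROOT:-$(mktemp -d)}
LEGACY="$ROOT/etc/nwam/loc/Legacy"

set_prop() { mkdir -p "$LEGACY" && printf '%s\n' "$2" > "$LEGACY/$1.prop"; }
get_prop() { cat "$LEGACY/$1.prop"; }

# NWAM start: record the firewall policy in ipfilter-config-file.
# usage: save_policy none|allow|deny   or   save_policy custom <path>
save_policy() {
    case "$1" in
    none|allow|deny)
        # Non-custom policy is stored as a pseudo-path so it starts with "/".
        set_prop ipfilter-config-file "/$1" ;;
    custom)
        # A real file at one of the sentinel paths would be ambiguous on revert.
        case "$2" in /none|/allow|/deny|"") return 1 ;; esac
        mkdir -p "$LEGACY" && cp "$ROOT$2" "$LEGACY/" || return 1
        # Property keeps the ORIGINAL location, not the Legacy copy.
        set_prop ipfilter-config-file "$2" ;;
    *)  return 1 ;;
    esac
}

# Revert to non-NWAM: check for a sentinel first, otherwise copy the saved
# file back to its original location. Prints "<policy>" or "custom <path>".
restore_policy() {
    val=$(get_prop ipfilter-config-file) || return 1
    case "$val" in
    /none|/allow|/deny)
        echo "${val#/}" ;;
    /*)
        mkdir -p "$ROOT$(dirname "$val")"
        cp "$LEGACY/$(basename "$val")" "$ROOT$val" || return 1
        echo "custom $val" ;;
    *)  return 1 ;;
    esac
}
```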
