On Tue, Mar 23, 2010 at 09:30:41AM -0700, Erik Nordmark wrote:
>
> How are they supposed to work?
>
> I'm running in the punchin location and automatic profile, but
> svcprop tells me
> config/ipf6_config_file astring /etc/nwam/loc/NoNet/ipf6.conf
> firewall_config_default/custom_policy_file astring
> /etc/nwam/loc/NoNet/ipf.conf
>
> and I don't seem to have any filters in place:
> root@fuj:~# ipfstat -ih
> empty list for ipfilter(in)
>
> even though the above file contains rules.

Right; there's another knob in the ipfilter properties that says whether or not the custom file should be used. Check the value of firewall_config_default/policy; it should be "none" (the value "custom" says to use the specified files).

> I'd really like to use /etc/ipf/ipf.conf. Do I need to copy the file
> I want into /etc/nwam? Or is there some other way I can control
> this?

The ipfilter config file(s) to use are part of the nwam location. If you've specified files (as paths, the files can live anywhere in the filesystem), nwam will set the relevant ipfilter service properties, and set the above policy prop to custom, when it activates the location. I'm not sure exactly how the punchin package creates the punchin location, but I suspect you could customize it if you want.

-renee
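
The check described in the reply above, as an added example that is not part of the original thread: a small filter that reads svcprop output and reports whether the custom rules file is actually in effect. The function name and the sample listings are constructed; the property names are the ones quoted in the thread, and the service name network/ipfilter in the last comment is an assumption.

```shell
#!/bin/sh
# Added example: decide from `svcprop` output whether ipfilter will load the
# custom rules file. Function name and sample listings are constructed.

# Reads "property type value" lines (the layout quoted in the thread) on stdin.
# Prints one of:
#   custom-active <file>   policy is "custom" and a file is set
#   custom-unused <file>   a file is set, but policy is not "custom"
#   custom-missing         policy is "custom" but no file is set
#   no-custom              neither
ipf_custom_state() {
    awk '
        $1 == "firewall_config_default/policy" { policy = $3 }
        $1 == "firewall_config_default/custom_policy_file" {
            # treat an empty quoted value as "no file"
            file = ($3 == "\"\"") ? "" : $3
        }
        END {
            if (policy == "custom" && file != "") print "custom-active", file
            else if (policy == "custom")          print "custom-missing"
            else if (file != "")                  print "custom-unused", file
            else                                  print "no-custom"
        }'
}

# Constructed sample: a file is configured but the policy knob is "none",
# the state in which ipfstat shows an empty rule list.
SAMPLE_NONE='config/ipf6_config_file astring /etc/nwam/loc/NoNet/ipf6.conf
firewall_config_default/custom_policy_file astring /etc/nwam/loc/NoNet/ipf.conf
firewall_config_default/policy astring none'

# Constructed sample: what a location with a file specified sets on activation.
SAMPLE_CUSTOM='firewall_config_default/custom_policy_file astring /etc/ipf/ipf.conf
firewall_config_default/policy astring custom'

printf '%s\n' "$SAMPLE_NONE"   | ipf_custom_state
printf '%s\n' "$SAMPLE_CUSTOM" | ipf_custom_state
# On a live system (service name assumed):
#   svcprop network/ipfilter | ipf_custom_state
```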
