http://blogs.sun.com/tonyn/entry/firewall_configuration_in_opensolaris_2009
But IPfilter is outdated. I don't know about any updates and info on page of developer is very old. In fact I don't understand why they are staying with that. pf from OpenBSD had better performance then IPfilter in 2002 and of course it's still developed and new features are added regularly like active - active firewall clusters and so on. In IPfilter you must specifically allow DHCP in or you can't obtain IP adress so rules for some basic desktop firewall in OpenSolaris/Solaris looks like this : block in log all pass in log quick from any to any port = 68 # for IPv4 pass in log quick from any to any port = 546 # for IPv6 pass out proto tcp/udp from any to any keep state pass out proto icmp from any to any keep state In OpenBSD : block in log all pass out ;-) -- This message posted from opensolaris.org
