On 05/21/10 08:46 AM, Paul Johnston wrote:
Hi
How do I get ipfilter to read /etc/ipf/ipf.config when I use
pfexec svcadm refresh ipfilter

I can manually force it to read my config file using

pfexec ipf -Fa -f /etc/ipf/ipf.conf
pa...@opensolaris-2:~$ pfexec ipfstat -ni
@1 block in log quick from 130.88.105.55/32 to any
@2 block in log quick from 130.88.105.41/32 to any
@3 block in log quick from 130.88.105.44/32 to any
@4 pass in all


But for example after a reboot I get
pa...@opensolaris-2:~$ pfexec ipfstat -ni
empty list for ipfilter(in)

Cheers Paul

You can use the new Solaris host-based firewall, PSARC 2008/580 [1], to quickly generate IPFilter configuration by setting appropriate SMF properties. If you'd like to use a pre-populated ipf rule file, set 'custom' policy and specify the rule file in network/ipfilter service. See svc.ipfd(1M) for more details but you can just run:

#svccfg -s network/ipfilter:default setprop firewall_config_default/policy = astring: custom
#svccfg -s network/ipfilter:default setprop firewall_config_default/custom_policy_file = astring: /etc/ipf/ipf.config
#svcadm refresh network/ipfilter

-tn

[1] http://arc.opensolaris.org/caselog/PSARC/2008/580/arc_proposal
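
A check for the condition reported in this thread (an empty inbound ruleset after a reboot), as an added example that is not part of the original messages. The function names `count_loaded_rules` and `check_ipfilter` are hypothetical, and the script assumes `svcprop` is available to read back the properties set above.

```shell
#!/bin/sh
# Added example: confirm ipfilter's SMF properties select a custom rule
# file and that inbound rules are actually loaded in the kernel.

FMRI=network/ipfilter:default

# Count rules in `ipfstat -ni` output read from stdin.
# Loaded rules are printed as "@N <rule>"; an unloaded ruleset prints
# "empty list for ipfilter(in)", which yields 0.
count_loaded_rules() {
    grep -c '^@[0-9][0-9]* ' || true
}

# Returns 0 when the custom policy is set, the rule file is readable and
# at least one inbound rule is loaded; 1 on a failed check; 2 when the
# SMF properties cannot be read.
check_ipfilter() {
    policy=$(svcprop -p firewall_config_default/policy "$FMRI") || return 2
    file=$(svcprop -p firewall_config_default/custom_policy_file "$FMRI") || return 2

    if [ "$policy" != custom ]; then
        echo "policy is '$policy', expected 'custom'"
        return 1
    fi
    if [ ! -r "$file" ]; then
        echo "rule file '$file' is missing or unreadable"
        return 1
    fi

    n=$(pfexec ipfstat -ni | count_loaded_rules)
    if [ "$n" -eq 0 ]; then
        echo "no inbound rules loaded: host is not filtering inbound traffic"
        return 1
    fi
    echo "ok: $n inbound rule(s) loaded, rule file $file"
}
```

Call `check_ipfilter` after a reboot or after `svcadm refresh network/ipfilter`; a non-zero return means the firewall is not in the state the configuration asks for.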

_______________________________________________
opensolaris-help mailing list
opensolaris-help@opensolaris.org
