> > > > validate_interface could just do 'dladm show-dev $1 > /dev/null > > > > 2>&1' and test the result. > > > > > > With the caveat that show-dev disappeared in build 105 (but it probably > > > wasn't what validate_interface was looking for anyway, given that it > > > keyed > > > off of device names, not datalinks or IP interfaces). I'd need to know > > > what validate_interface is trying to do to suggest an alternative > > > approach. > > > > > > > Hi Meem, > > > > Given an interface name, validate_interface verifies it's a valid > > physical interface on the system. Looks like 'dladm show-phys' is what I > > need. Let me know if there's better alternative. > > Why "physical interface"? The firewall doesn't work on aggregations nor > VLANs?
Tony stopped by my office and we talked about this. It seems he wants physical IP interfaces, and thus should use ifconfig to check if the IP interface exists. There's a related matter of how the host-based firewall will need to be updated to accommodate L2 filtering, which presumably would make use of datalinks. -- meem
