Cody,
Quick follow-up.
I undertook the following two steps once I had read your email and now
that I had a window to work on it:
1. Went back and updated the owner_uuid (conflict indeed); and
2. reapplied the existing rules, after no change after step [1].
Now it works.
Is there a way using fwadm to block everything outbound (save for a
clutch of ports) or shall I need to use ipf for that (not an issue at all)?
Stop me if you have heard this one:
It seems to me that fwadm is likely a VM-aware wrapper for ipf; now why
this possibility didn't dawn on me earlier, I am sure it is likely
hidden in plain sight in the manual.
Many Thanks,
Will
On 2/29/16 3:54 PM, Cody Mello wrote:
This type of rule is meant to work, and works when I set one up on my
local instance. There are two possibilities that I can think of right
now:
- What version of SmartOS are you running? This may be a bug that has
since been fixed
- What's the output of `fwadm list -j'? If your rule isn't a global
rule and has an owner_uuid, then it won't be applied to the VM if the
owner_uuid disagrees.
- Cody
On Mon, Feb 29, 2016 at 1:37 PM, Will Beazley
<[email protected]> wrote:
[root@90-b1-1c-00-0b-6a /usbkey]# ipfstat -nio -G 49700b0b-55a8-4245-b3bf-907e098130ab
@1 pass out quick proto tcp from any to any flags S/SA keep state
@2 pass out proto tcp from any to any
@3 pass out proto udp from any to any keep state
@4 pass out quick proto icmp from any to any keep state
@5 pass out proto icmp from any to any
@1 pass in quick proto icmp from any to any icmp-type echo code 0
@2 pass in quick proto tcp from any to any port = ssh
@3 block in all
[root@90-b1-1c-00-0b-6a /usbkey]#
On 2/29/16 3:14 PM, Cody Mello wrote:
ipfstat -nio -G 49700b0b-55a8-4245-b3bf-907e098130a
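The owner_uuid check Cody describes, as an added example that is not part of the original thread: it reads rules shaped like `fwadm list -j` output and reports which ones cannot reach a VM because of an owner mismatch. The field names (`uuid`, `enabled`, `global`, `owner_uuid`, `rule`), the sample rules and the owner UUIDs are constructed assumptions; the VM's owner would come from `vmadm get <uuid>`.

```python
import json

# Constructed sample shaped like `fwadm list -j` output (not from the thread).
SAMPLE_RULES = json.loads("""
[
  {"uuid": "11111111-1111-4111-8111-111111111111", "enabled": true,
   "owner_uuid": "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
   "rule": "FROM any TO vm 49700b0b-55a8-4245-b3bf-907e098130ab ALLOW tcp PORT 22"},
  {"uuid": "22222222-2222-4222-8222-222222222222", "enabled": true,
   "owner_uuid": "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb",
   "rule": "FROM any TO vm 49700b0b-55a8-4245-b3bf-907e098130ab ALLOW tcp PORT 443"},
  {"uuid": "33333333-3333-4333-8333-333333333333", "enabled": true,
   "global": true,
   "rule": "FROM any TO all vms ALLOW icmp TYPE 8 CODE 0"},
  {"uuid": "44444444-4444-4444-8444-444444444444", "enabled": false,
   "owner_uuid": "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
   "rule": "FROM any TO vm 49700b0b-55a8-4245-b3bf-907e098130ab ALLOW tcp PORT 80"}
]
""")

# Constructed owner of the VM, as `vmadm get <uuid>` would report it.
VM_OWNER = "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"


def classify(rule, vm_owner):
    """Say whether a rule is eligible for a VM on ownership grounds.

    Eligibility is necessary, not sufficient: the rule's FROM/TO targets
    must still select the VM.
    """
    if not rule.get("enabled", False):
        return "skipped: rule disabled"
    if rule.get("global"):
        return "eligible: global rule"
    owner = rule.get("owner_uuid")
    if owner is None:
        return "check: no owner_uuid and not global"
    if owner.lower() != vm_owner.lower():
        return "skipped: owner_uuid mismatch"
    return "eligible: owner_uuid matches"


def audit(rules, vm_owner):
    """Map each rule uuid to its classification for the given VM owner."""
    return {r["uuid"]: classify(r, vm_owner) for r in rules}


if __name__ == "__main__":
    for uuid, verdict in audit(SAMPLE_RULES, VM_OWNER).items():
        print(uuid, verdict)
```

A rule reported as skipped for an owner mismatch matches the symptom in this thread: it shows up in `fwadm list` but never appears in the VM's `ipfstat -nio -G` output.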
-------------------------------------------
smartos-discuss