Peter Memishian wrote:
>  > > >  >      validate_interface could just do 'dladm show-dev $1 > /dev/null
>  > > >  >      2>&1' and test the result.
>  > > > 
>  > > > With the caveat that show-dev disappeared in build 105 (but it probably
>  > > > wasn't what validate_interface was looking for anyway, given that it keyed
>  > > > off of device names, not datalinks or IP interfaces).  I'd need to know
>  > > > what validate_interface is trying to do to suggest an alternative approach.
>  > > > 
>  > > 
>  > > Hi Meem,
>  > > 
>  > > Given an interface name, validate_interface verifies it's a valid 
>  > > physical interface on the system. Looks like 'dladm show-phys' is what I 
>  > > need. Let me know if there's a better alternative.
>  > 
>  > Why "physical interface"?  The firewall doesn't work on aggregations nor
>  > VLANs?
> 
> Tony stopped by my office and we talked about this.  It seems he wants
> physical IP interfaces, and thus should use ifconfig to check if the IP
> interface exists.  There's a related matter of how the host-based firewall
> will need to be updated to accommodate L2 filtering, which presumably
> would make use of datalinks.
> 

Yes, the firewall will support IP interfaces and ifconfig is the most 
appropriate tool.

I'll keep L2 filtering in mind.

Thanks,
-tony

