To pickup a conversation that was started some time ago... With the feedback from this community, we went back and looked at what we could do here...
Rather than create N different services for IPFilter, we've gone with keeping the existing service name but allowing SMF to be used to control what it does at a finer level. We're planning on adding the following boolean properties: configuration/ipf_enabled configuration/ipnat_enabled configuration/ippool_enabled configuration/ipmon_enabled By default, all of these will ship "true" so that doing a "svcadm enable ipfilter" will enable IPFilter with all of the above active as it does today - no regression. Performing a disable or enable on the ipfilter service will not cause a change in any of the above properties. To manipulate these properties of the ipfilter service, a new script called "ipfadm" is to be used as follows: ipfadm ipf <enable|disable|start|stop|status|restart|refresh> ipfadm ipnat <enable|disable|start|stop|status|restart|refresh> ipfadm ippool <enable|disable|start|stop|status|restart> ipfadm ipmon <enable|disable|start|stop|status|restart|refresh> ipfadm ipfilter <enable|disable|start|stop|status> Following on from the manner in which svcadm operates, the "enable" and "disable" will both change the value of the property to true/false respectively and then start/stop the service. The other actions are as follows: - "start" (if enabled) will cause the configuration to be loaded and made active - "stop" (if enabled) will cause the configuration & tables to be cleared - "restart" is short hand for "stop" and then "start" - "refresh" will just flush out the old rules and load in new ones - "status" will cause the script to verify the current state of that part of ipfilter with the relevant property and display an appropriate message For both "start" and "stop", it is possible to force that action to be taken by supplying a "-f" command line switch, ignoring the value held in the property. The use of "status" is intended to allow the user to discern any discrepencies between running state and the stored property values that might arise from this. Darren
