Darren J Moffat wrote: > Darren.Reed at Sun.COM wrote: > >> Rather than create N different services for IPFilter, we've >> gone with keeping the existing service name but allowing >> SMF to be used to control what it does at a finer level. > > > What is the reason for this ?
Please review the earlier discussion on this subject. > ... > >> To manipulate these properties of the ipfilter service, >> a new script called "ipfadm" is to be used as follows: >> >> ipfadm ipf <enable|disable|start|stop|status|restart|refresh> >> ipfadm ipnat <enable|disable|start|stop|status|restart|refresh> >> ipfadm ippool <enable|disable|start|stop|status|restart> >> ipfadm ipmon <enable|disable|start|stop|status|restart|refresh> >> ipfadm ipfilter <enable|disable|start|stop|status> > > > Why ? This seems like adding a command for the sake of it to me. > > I don't see anything that description of ipfadm that you can't to > today with svcadm and svcs, if you used a separate service for each of > the things that make up IPfilter. Sure, you can use svcadm/svcs to achieve those things but how hard are they to do using them? Not to mention that there are some steps that aren't obvious to new comers (ie. svcadm refresh). I believe there is worthwhile value added by using this extra layer, as it were. So far as I'm concerned, the use of svcadm/svcs is in this case an implementation detail of the mechanism used to manage the components of IPFilter. Darren
