Darren.Reed at Sun.COM wrote: > Darren J Moffat wrote: > >> Darren.Reed at Sun.COM wrote: >> >>> Rather than create N different services for IPFilter, we've >>> gone with keeping the existing service name but allowing >>> SMF to be used to control what it does at a finer level. >> >> >> What is the reason for this ? > > > Please review the earlier discussion on this subject.
Please point me to the thread it isn't obvious where I should be looking. I fully understand why you need to be able to control ipf/ipnat etc separately. I don't understand the rationale for one service versus multiple. >> I don't see anything that description of ipfadm that you can't to >> today with svcadm and svcs, if you used a separate service for each of >> the things that make up IPfilter. > > > Sure, you can use svcadm/svcs to achieve those things but how hard > are they to do using them? Not to mention that there are some steps > that aren't obvious to new comers (ie. svcadm refresh). I believe > there is worthwhile value added by using this extra layer, as it were. > > So far as I'm concerned, the use of svcadm/svcs is in this case an > implementation detail of the mechanism used to manage the components > of IPFilter. The answer I was actually expecting and would have been happy to accept was that IPfilter on all operating systems was going to get an ipfadm command with those options (the implementations would differ). I'm not sure I like the adding of fooadm when svcadm/svccfg could do it. It is already confusing enough with inetadm (and some people believe it was a mistake). -- Darren J Moffat
