> > To manipulate these properties of the ipfilter service,
> > a new script called "ipfadm" is to be used as follows:
> >
> > ipfadm ipf <enable|disable|start|stop|status|restart|refresh>
> > ipfadm ipnat <enable|disable|start|stop|status|restart|refresh>
> > ipfadm ippool <enable|disable|start|stop|status|restart>
> > ipfadm ipmon <enable|disable|start|stop|status|restart|refresh>
> > ipfadm ipfilter <enable|disable|start|stop|status>
>
> Why ? This seems like adding a command for the sake of it to me.
>
> I don't see anything that description of ipfadm that you can't to today
> with svcadm and svcs, if you used a separate service for each of
> the things that make up IPfilter.
Neither supporting or rejecting a proposal for ipfadm,
an overall question to ask would be how such a command
would fit with other plans for smf administration and/or
what other parts of ipf administration will be subsumed
by ipfadm. For example if it completely does away with
$EDITOR for all ipf administration and is completely
authorization driven, this may well be a good thing.
If it is only a svcadm/svcs wrapper and not part of
a model of smf administration, perhaps it would be better
to forgo.
Gary..
