David Bustos wrote: > Quoth Darren Reed on Tue, Aug 29, 2006 at 05:06:08PM +0800: > >> In attending to 6236881, we're currently looking at turning >> svc:/network/ipfilter up into 6 services in order to get the >> correct level of access via "refresh" and "start"/"stop" methods >> to managing related data. The new list of services is currently >> planned to be: >> >> svc:/network/ipfilter (milestone) >> svc:/network/ipfilter/ipf >> svc:/network/ipfilter/ipmon >> svc:/network/ipfilter/ippool >> svc:/network/ipfilter/ipfnat >> svc:/network/ipfilter/ipfconf >> > > Can you give a brief description of what each of these services would > do? > > > David > OK.
"ipf" is responsible for checking whether pfil is plumbed on NICs, and restart pfild. It is the basic service which all other services depend on. "ipfconf" is responsible for flushing the filter rules and loading rules from ipf.conf "ipfnat" is responsible for flushing NAT rules and loading rules from ipnat.conf "ippool" is responsible for flushing ippool and loading rules from ippool.conf "ipmon" is responsible for managing ipmon daemon and "ipfilter", is to be made a milestone And the dependencies are as follows: ipmon ==> ipf ippool ==> ipf ipfconf ==> ipf; ipfconf ---> ipmon, ippool ipfnat ==> ipf; ipfnat ---> ipfconf, ipmon ipfilter ==> ipf; ipfilter ---> ipfconf, ipfnat, ipmon A ==> B means A depends on B, and the relationship is "require_all" A ---> B means A depends on B, and the relationship is "optional_all" -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/smf-discuss/attachments/20060830/8552ac0d/attachment.html>
