General IP filter settings may apply, depending on the rules, interface(s) used
and defined, etc.
SMF properties are per zone, so that would be completely different. However, if
you close a zone, the SMF configuration is copied over, not created from
scratch. I am not 100% sure if the secure by default
"service_profile=limited_net" /etc/sysidcfg configuration profile applies after
cloning a 'hardened' zone. I alway set that for my zones, including my 'master'
zone from which I clone most of my zones. I have never checked if I clone a SBD
and set the clone to not be 'limited_net' (and I don't know what the
alternative is--sysidcfg(5) does not include it), whether it will be 'secured'
Hardening by restricting the packages installed would apply, at least for
system packages or for sparse (since you said Solaris 10) zones.
This message posted from opensolaris.org
zones-discuss mailing list