[OpenIndiana-discuss] ipfilter frustrations again

Michael Stapleton michael.stapleton at techsologic.com
Wed Jul 18 13:58:34 UTC 2012


A look at the service script might help isolate the problem.

more /lib/svc/method/ipfilter

There are some interesting comments in it that might be related.

Mike

On Wed, 2012-07-18 at 09:34 -0400, Daniel Kjar wrote:

> Yes, and that does it but then I have to go in and remove all the quick 
> statements that it automagically generates.
> 
> What I don't understand is when I check the settings, everything looks 
> right..
> 
> # svccfg -s ipfilter:default listprop firewall_config_default/policy
> firewall_config_default/policy  astring  custom
> 
> # svccfg -s ipfilter:default listprop firewall_config_default/custom_policy_file
> firewall_config_default/custom_policy_file  astring  /etc/ipf/ipf.conf
> 
> but....
> 
> I get this
> 
> [root at bio2:~]>ipfstat -i
> pass in log quick proto tcp from any to any port = 45139 flags S/FSRPAU 
> keep state
> pass in log quick proto tcp from any to any port = lockd flags S/FSRPAU 
> keep state
> pass in log quick proto udp from any to any port = lockd
> pass in log quick proto tcp from any to any port = 59045 flags S/F
> 
> If I force it I get that plus my ipf.conf file and if I reboot I lose 
> the changes to the properties of the ipfilter svc crap.  As I said this 
> is on a brand spanking new and clean unaltered 151a5 installation.  This 
> is a x2200m2 not that it matters.
> 
> 
> On 07/18/12 09:16 AM, Lou Picciano wrote:
> > Daniel,
> >
> >
> > Yes, have found ipfilter to be quite fiddly... Have you tried to manually reload the filter rules with something like:
> > ipf -f /path/to/ipf.conf ? (or, similarly: ipnat -f (etc) ???
> >
> >
> > Lou Picciano
> >
> > ----- Original Message -----
> > From: "Daniel Kjar" <dkjar at elmira.edu>
> > To: "Discussion list for OpenIndiana" <openindiana-discuss at openindiana.org>
> > Sent: Wednesday, July 18, 2012 8:37:00 AM
> > Subject: [OpenIndiana-discuss] ipfilter frustrations again
> >
> > How do you 'correctly' modify the ipfilter settings with this new
> > 'ignore /etc/ipf/ipf.conf' set up in OI? I tried
> > following the directions on
> >
> > http://hub.opensolaris.org/bin/view/Community+Group+on/2009022302
> >
> > but nothing changes. This is on a fresh 151a5 install. How is a person supposed to do this without using a customized ipf.conf file? Is there a gui?
> >
> > I can't get the damn thing to look at etc/ipf/ipf.conf and I modified the new default custom location /somewhere/incomprehensible/ipf.conf and that does nothing either.
> >
> >
> 



