[OpenIndiana-discuss] ipfilter issue

Daniel Kjar dkjar at elmira.edu
Wed Oct 27 23:29:58 UTC 2010


  ahhh... I looked at man ipfilter but saw nothing there...

On 10/27/10 06:06 PM, Oscar del Rio wrote:
>
> On 10/27/10 05:28 PM, Daniel Kjar wrote:
>>
>> no matter what was in my /etc/ipf/ipf.conf.
>> no amount of restarting, editing, changing permissions, etc. would fix it.
>>
>> The only way I can get it to do what I need is by telling ipfilter 
>> where the ipf.conf file is...
>> ipf -Fa -f /etc/ipf/ipf.conf
>>
>> then it works perfectly.  Anybody else notice this?  Might be machine 
>> specific but it looks more like the default ipfilter just doesn't 
>> know where to look for the conf file.
>>
>
> ipfilter now uses SMF properties instead of .conf file, unless you set 
> "policy" to custom.
>
> Check "svcprop ipfilter":
>
> firewall_config_default/policy astring custom
> firewall_config_default/custom_policy_file astring /etc/ipf/ipf.conf
>
> See "man svc.ipfd":
>
>> firewall_config_default/policy
>>
>>          Global Default policy, firewall_config property group in
>>          svc:/network/ipfilter:default,  can  also be set to cus-
>>          tom. Users can set policy to custom to use  prepopulated
>>          IP  Filter  configuration,  for  example, an existing IP
>>          Filter configuration or custom configurations that  can-
>>          not  be  provided by the framework. This Global Default-
>>          only policy mode allows users to supply a text file con-
>>          taining  the complete set of IPF rules. When custom mode
>>          is selected, the specified set of IPF rules is  complete
>>          and  the framework will not generate IPF rules from con-
>>          figured firewall policies.
>>
>>      firewall_config_default/custom_policy_file
>>
>>          A file path to be used when Global Default policy is set
>>          to  custom.  The  file  contains a set of IPF rules that
>>          provide the desired IP Filter configuration.  For  exam-
>>          ple,  users with existing IPF rules in /etc/ipf/ipf.conf
>>          can execute the following commands to use  the  existing
>>          rules:
>>
>>              1.   Set custom policy:
>>
>>                     # svccfg -s ipfilter:default setprop \
>>                     firewall_config_default/policy = astring: "custom"
>>
>>              2.   Specify custom file:
>>
>>                     # svccfg -s ipfilter:default setprop \
>>                     firewall_config_default/custom_policy_file = astring: \
>>                     "/etc/ipf/ipf.conf"
>>
>>              3.   Refresh configuration:
>>
>>                     # svcadm refresh ipfilter:default
>

-- 
Dr. Daniel Kjar
Assistant Professor of Biology
Division of Mathematics and Natural Sciences
Elmira College
1 Park Place
Elmira, NY 14901
607-735-1826
http://faculty.elmira.edu/dkjar

"...humans send their young men to war; ants send their old ladies"
	-E. O. Wilson
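
A check for the situation discussed in this thread, as an added example that is not part of either message: it reads `svcprop ipfilter` output and reports whether the service will load a hand-written rules file or generate rules from SMF properties. The function name, the `--demo` switch and the sample inputs are constructed for illustration; the property names and the "name type value" layout are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `svcprop ipfilter` output on stdin
# and reports which rule source the ipfilter service is configured to use.

# Prints "custom <path>" and returns 0 when policy is custom and a file is set.
# Prints "custom missing-file" or "framework <policy>" and returns 1 otherwise,
# i.e. in the cases where edits to /etc/ipf/ipf.conf would be ignored.
ipf_rule_source() {
    awk '
        $1 == "firewall_config_default/policy"             { policy = $3 }
        $1 == "firewall_config_default/custom_policy_file" { file = $3 }
        END {
            if (file == "\"\"") file = ""      # empty astring is printed as ""
            if (policy == "")   policy = "unset"
            if (policy != "custom") { print "framework " policy; exit 1 }
            if (file == "")         { print "custom missing-file"; exit 1 }
            print "custom " file
        }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CUSTOM='firewall_config_default/policy astring custom
firewall_config_default/custom_policy_file astring /etc/ipf/ipf.conf'

SAMPLE_DEFAULT='firewall_config_default/policy astring none
firewall_config_default/custom_policy_file astring ""'

# On a live system: svcprop ipfilter | ipf_rule_source
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_CUSTOM"  | ipf_rule_source
    printf '%s\n' "$SAMPLE_DEFAULT" | ipf_rule_source || true
fi
```

A non-zero return is the condition described in the first message: the rules file exists but the service is not pointed at it until policy and custom_policy_file are set and the service is refreshed.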




