[OpenIndiana-discuss] ipfilter doesn't read ipf.conf

Milan Jurik milan.jurik at xylab.cz
Wed Feb 29 16:48:37 UTC 2012 

Hi Anil,

Anil Jangity píše v St 29. 02. 2012 v 07:25 -0800: 
> svc:/network/ipfilter:default> listprop firewall_config_default
> firewall_config_default                      com.sun,fw_configuration
> firewall_config_default/apply_to             astring  
> firewall_config_default/custom_policy_file   astring  
> firewall_config_default/exceptions           astring  
> firewall_config_default/open_ports           astring  
> firewall_config_default/policy               astring  none
> firewall_config_default/value_authorization  astring  solaris.smf.value.firewall.config
> firewall_config_default/version              count    1
> svc:/network/ipfilter:default> 
> 
> Looks like I need to set custom_policy_file to /etc/ipf/ipf.conf.
> What I was asking is why this isn't set by default? /etc/ip/ipf.conf has always been the standard config file for ipfilter.
> 

http://hub.opensolaris.org/bin/view/Community+Group+on/2009022302

firewall_config_default/policy                astring  custom
firewall_config_default/custom_policy_file    astring /etc/ipf/ipf.conf

It could be that it was always but we moved further. Currently it is
more BFU friendly maybe...

Best regards,

Milan

> 
> On Feb 28, 2012, at 10:20 PM, Milan Jurik wrote:
> 
> > Hi,
> > 
> > what do you mean by "default settings"? By default there is host-based firewall which is doing automagic and does not parse ipf.conf
> > 
> > Which properties in group firewall_config_default of SMF service network/ipfilter:default do you have set and how?
> > 
> > Best regards,
> > 
> > Milan
> > 
> > On 29.02.2012 07:01, Anil Jangity wrote:
> >> Is this a known issue, should I file a bug?
> >> ipfilter doesn't seem to want to read /etc/ipf/ipf.conf file(default
> >> settings). Also, has anyone had any problems with sending ipmon logs
> >> to syslog on 151a2?
> >> 
> >> I have:
> >> local0.debug                                    /var/log/ipmon.log
> >> and then I restarted system-log.
> >> 
> >> I have some rules that log data, but still not seeing anything in ipmon.log.
> >> 
> >> Thanks,
> >> Anil
> >> 
> >> _______________________________________________
> >> OpenIndiana-discuss mailing list
> >> OpenIndiana-discuss at openindiana.org
> >> http://openindiana.org/mailman/listinfo/openindiana-discuss
> > 
> > 
> > _______________________________________________
> > OpenIndiana-discuss mailing list
> > OpenIndiana-discuss at openindiana.org
> > http://openindiana.org/mailman/listinfo/openindiana-discuss
> 
> 
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the OpenIndiana-discuss mailing list