[OpenIndiana-discuss] How to tell nwam to use the firewall rules in /etc/ipf/ipf.conf ?

Udo Grabowski (IMK) udo.grabowski at kit.edu
Mon Feb 28 11:51:57 UTC 2022



On 28/02/2022 12:44, Udo Grabowski (IMK) wrote:
> 
> 
> On 28/02/2022 12:32, Marc Lobelle wrote:
>> Hello,
>>
>> I defined firewall rules for ipfilter in /etc/ipf/ipf.conf.
>>
>> However, I use nwam and, at boot time, nwam wipes out all firewall 
>> rules and imposes its own: block everything except dhcp in the NoNet 
>> situation and no rules at all when a network interface is active.
>>
>> The NoNet rules can be replaced by my own rules by copying 
>> /etc/ipf/ipf.conf in /etc/nwam/loc/NoNet/ipf.conf, but this is useless 
>> because it is replaced by nothing at all when a network interface is 
>> activated. Therefore I removed this change.
>>
>> I tried to add to /etc/nwam/loc/create_loc_auto a line "set 
>> ipfilter-config-file=/etc/ipf/ipf.conf" similar to the line in 
>> create_loc_NoNet: "set ipfilter-config-file=/etc/nwam/loc/NoNet/ipf.conf"
>>
>> But this does not change the behaviour.
>>
>> How can I tell nwam to use ipf.conf ?
>>
>> Thanks for your help.
>  >  ...
> 
> In illumos-gate/usr/src/lib/libnwam/common/libnwam.h, I see
> #define    NWAM_LOC_PROP_IPFILTER_CONFIG_FILE    "ipfilter-config-file"
> #define    NWAM_LOC_PROP_IPFILTER_V6_CONFIG_FILE    "ipfilter-v6-config-file"

Wild guess: These are probably definable in the nwam_netcfg group
of the svcprop entries via svccfg.

