ipfilter on not all interfaces

Hi,

I want to run ipfilter (from Solaris 10) on only a few of my interfaces.

I tried a line like

bge1 0 pfil

in /etc/ipf/pfil.ap. (On my box minor 1 seems to be bge0).

pfil is running, but ipfilter does not start due to:

pfil not plumbed on any network interfaces.

in /var/svc/log/network-ipfilter:default.log

The manual page for autopush suggests my config is ok.

Has anybody ever tried this? Does it work? How?

thanks, tom.

[500 byte] By [] at [2007-11-25 22:50:53]
# 1

I found a workaround, but a poor one:

unplumb the device (ifconfig <device_name> unplumb)

autopush /etc/ipf/pfil.ap (assuming it's configured correctly, with the device name uncommented from the list)

re-plumb the device (ifconfig <device_name> plumb xxx.xxx.xx.xxx netmask 255.255.255.0 up)

enable the services:

svcadm enable pfil

svcadm enable ipfilter

jmille50 at 2007-7-5 17:06:20
# 2
Forgot to mention... the reason it's a poor workaround is because it doesn't survive a reboot, and you have to be working directly on the console (you get booted off with the unplumb otherwise).
jmille50 at 2007-7-5 17:06:20
# 3
Hmm, in theory it should work with an ifconfig <interface> modinsert pfil@2 :-)
mAbrante at 2007-7-5 17:06:20
# 4
Very interesting, mAbrante. I just tried this on my brand-new x2200m2 and it worked like a charm. Any idea why the instructions do not work? Why doesn't it autopush before it is plumbed at boot? I really had to fight with my Ultra 20 to get ipfilter running because of this.
kjard_us at 2007-7-5 17:06:20
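
Added example, not part of the thread: a small shell check for whether pfil is actually in an interface's STREAMS module stack, which is what the "pfil not plumbed on any network interfaces" message is about. It assumes `ifconfig <interface> modlist` prints one "<position> <module>" pair per line with the driver last; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples of `ifconfig bge1 modlist` output
# (assumed format: "<position> <module>", driver on the last line).
SAMPLE_WITHOUT_PFIL='0 arp
1 ip
2 bge'
SAMPLE_WITH_PFIL='0 arp
1 ip
2 pfil
3 bge'

# has_pfil: reads a modlist listing on stdin; exit status 0 if pfil is present.
has_pfil() {
    awk '$2 == "pfil" { found = 1 } END { exit !found }'
}

# pfil_insert_pos: prints the position of the last entry (the driver).
# Inserting at that position places pfil directly above the driver.
pfil_insert_pos() {
    awk 'NF >= 2 { pos = $1 } END { if (pos == "") exit 1; print pos }'
}

# check_interface <name> <modlist text>
# Returns 0 if the interface is covered by pfil, 1 if pfil is missing
# (and prints the modinsert command to review), 2 if the listing is empty.
check_interface() {
    ifname=$1
    modlist=$2
    if printf '%s\n' "$modlist" | has_pfil; then
        echo "$ifname: pfil present"
        return 0
    fi
    pos=$(printf '%s\n' "$modlist" | pfil_insert_pos) || {
        echo "$ifname: no modules listed"
        return 2
    }
    echo "$ifname: pfil missing; ifconfig $ifname modinsert pfil@$pos"
    return 1
}

# Demo on the constructed sample. On a live Solaris 10 host, pass real output:
#   check_interface bge1 "$(ifconfig bge1 modlist)"
check_interface bge1 "$SAMPLE_WITHOUT_PFIL" || true
```

Running the check for every interface that should be filtered, after boot and after any replumb, shows whether an interface is passing traffic without pfil in its stack.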