Solaris host-based firewall [PSARC/2008/580 FastTrack]
Tony Nguyen
Truong.Q.Nguyen at sun.com
Thu Oct 2 16:38:38 PDT 2008
John Plocher wrote:
> Tony Nguyen wrote:
>> I agree that ipf command features can't be replaced by the current
>> SMF. In this specific example, the three ipf commands can be replaced
>> by a single svcadm restart command so it was really tempting :)
>
>
> It may be useful to use this as an example:
>
> ... BTW, the svcadm interface invokes the following commands,
> which illustrate the use of ipf...
>
>
> -John
That sounds like a good idea. Would the below text be reasonable?
thanks,
tony
================================================
To re-enable packet filtering after it has been temporarily
disabled, either reboot the machine or run the following command:

    # svcadm restart network/ipfilter

which essentially executes the following ipf commands:

1. Enable Solaris IP Filter:

    # ipf -E

2. Load ippools:

    # ippool -f <ippool configuration file>

   See ippool(1M).

3. Activate packet filtering:

    # ipf -f <ipf configuration file>

4. (Optional) Activate NAT:

    # ipnat -f <IPNAT configuration file>

   See ipnat(1M).

Note -
If you reboot your system, the IPfilter configuration is
automatically activated.
===========================================