IPFilter not filtering - Solaris


  1. IPFilter not filtering

    On Solaris 10, it appears that IPFilter is running but not processing
    any of my rules. I have a very simple set of rules in /etc/ipf/ipf.conf

    #block in all
    #block out all

    And here is what I get when I do ipf -V

    # ipf -V
    ipf: IP Filter: v4.0.2 (500)
    Kernel: IP Filter: v4.0.2
    Running: yes
    Log Flags: 0 = none set
    Default: pass all, Logging: available
    Active list: 1
    #

    I also have my NIC listed in pfil.ap:

    #fets0 -1 0 pfil

    I have enabled the services pfil and ipfilter using the commands:

    #svcadm enable network/pfil
    #svcadm enable network/ipfilter
    #ipf -e
    #ipf -f /etc/ipf/ipf.conf

    Any advice?

  2. Re: IPFilter not filtering

    The 0 was the problem. I added the interface rather than the driver.
    Thanks for your help.

    Andrew Gabriel wrote:
    > In article ,
    > Fugtruck writes:
    >
    >>I also have my NIC listed in pfil.ap:
    >>
    >>#fets0 -1 0 pfil

    >
    >
    > Does it really have that comment symbol on the beginning of the line?
    > It is also rather unlikely the driver name ends with a '0' -- you
    > should probably drop that '0' off.
    >
    > What does the following command display (should be as shown):
    >
    > # ifconfig fets0 modlist
    > 0 arp
    > 1 ip
    > 2 pfil
    > 3 fets
    > #
    >
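
The two checks raised in this thread (is the pfil.ap entry active and does it name the driver rather than the interface instance, and does the interface's module list include pfil) can be scripted. This is an added example, not code from either poster; the function names and finding labels are hypothetical, and the sample inputs are constructed from the lines quoted above.

```sh
#!/bin/sh
# Added example. All sample inputs are constructed from lines quoted in the thread.

# lint_pfil_ap: read pfil.ap-style lines on stdin and classify every line
# that names the pfil module. Covers only the two mistakes raised above.
lint_pfil_ap() {
    awk '
        /^[ \t]*$/ { next }                      # skip blank lines
        /^[ \t]*#/ {                             # commented out: entry is inactive
            if ($NF == "pfil") print "COMMENTED: " $0
            next
        }
        $NF == "pfil" {
            # Heuristic from the reply: a trailing digit suggests an interface
            # instance (fets0) where the driver name (fets) was meant.
            if ($1 ~ /[0-9]$/) print "INSTANCE_NOT_DRIVER: " $1
            else               print "OK: " $1
        }
    '
}

# modlist_has_pfil: read `ifconfig <interface> modlist` output on stdin and
# return 0 only if pfil appears in the module stack.
modlist_has_pfil() {
    awk '$2 == "pfil" { found = 1 } END { exit !found }'
}

SAMPLE_COMMENTED='#fets0 -1 0 pfil'   # as posted in the question
SAMPLE_INSTANCE='fets0 -1 0 pfil'     # comment removed, instance still named
SAMPLE_FIXED='fets -1 0 pfil'         # driver name, per the reply
SAMPLE_MODLIST='0 arp
1 ip
2 pfil
3 fets'

for entry in "$SAMPLE_COMMENTED" "$SAMPLE_INSTANCE" "$SAMPLE_FIXED"; do
    printf '%s\n' "$entry" | lint_pfil_ap
done
if printf '%s\n' "$SAMPLE_MODLIST" | modlist_has_pfil; then
    echo "pfil is in the module stack"
else
    echo "pfil is NOT in the module stack: packets bypass IPFilter"
fi
```

On a Solaris 10 host, feed the real pfil.ap file to `lint_pfil_ap` and pipe `ifconfig fets0 modlist` into `modlist_has_pfil`.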

