I am trying to add a new interface on a Solaris box running FW-1 3.0b. When
trying to plumb the new interface, I was hanging up. Going to Phone boy for
info, I found the following:
While the FireWall-1 kernel loadable module is installed, it prevents new
interfaces from coming up. To add a new interface
to your FireWall-1 machine without rebooting (i.e. to do this quickly as
possible), you will need to un-install, the kernel loadable
module, bring up the new interfaces, re-install the kernel loadable module, and
reload your security policy.
Warning: Unplug yourself from the network before doing these commands this since
FireWall-1 will not be able
to enforce your security policy at this time.
The commands are:
# fw ctl uninstall
< Do your ifconfig commands here >
# fw ctl install
# fw fetch localhost
My question is, what would be the difference if you just do a fwstop, plumb the
interface, and do a fwstart again? It seems that this would allow the interface
to be plumbed without opening up the
network, but much faster than a reboot. I couldn't find any information on the
ctl uninstall/install. Any information would be greatly appreciated.
Harley Sanders
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
