In some email I received from Jefferson Ogata, sie wrote:
> Solaris x86 kernel Generic_108529-15, IP Filter 3.4.29 built with gcc 2.95.3
> from Solaris Software Companion...
>
> Whenever I run modinfo (as any user) on the Solaris host, some or all existing
> TCP connections through the firewall are reset. Connections made to the
> firewall itself are not reset, or at least some of them aren't. Unfortunately,
> this is detrimental enough that I don't want to do a lot of testing on it. But
> weirdly, the state and NAT entries for the old connections don't appear to be
> exterminated. It's as if IPF decided to send TCP reset packets out.
>
> I am using return-rst in some areas.

Can you check to see if RST packets are being sent out all interfaces?

If the box is plugged into a switch with 10/100/FDX lights, do any of
those change when you do "modinfo"?

If you do an "ipf -y" rather than "modinfo", does the same thing happen?

Darren
