Thanks for the reply. I'll look for the mentioned instructions and try 4.1.8. Also, thanks for a great package!
- logan On Mon, Aug 01, 2005 at 04:26:22AM +1000, Darren Reed wrote: > > Hello everyone, > > > > I'm new to the list so please forgive me if this is a stupid question > > or addressed recently. > > > > I have a solaris 10 box configured as a router / firewall / nat > > box. It works great except with respect to ipv6. IPv6 (6to4) itself > > works great. However, it seems that the version of ipfilter bundled > > with Solaris 10 (v4.0.2) only supports blocking ipv6 entirely. I > > understand that newer versions support IPv6 with the ipf6.conf > > file. > > There are no such versions yet bundled with Solaris. > > > For past versions of Solaris I've built and installed > > ipfilter. Several months ago I had tried to remove the Solaris bundled > > version and replace it with a newer version. (Unfortunately I don't > > recall which version.) The results were unpleasant. Frequent system > > panics. I wasn't sure whether I had failed to completely remove the > > bundled package or if the newer version didn't support solaris 10 yet. > > Unless you can mention specific versions and what you did, it's hard to > diagnose what went wrong or try to troubleshoot the situation. Needless > to say, 4.1.8 seems to work reasonably well on S10 if you walk through a > specific set of hoops that someone else has documented. > > > Anyway, to make a long story short I was wondering if ipfilter 4.1.8 > > was known to work with Solaris 10 configured as an IPv6 6to4 > > relay. > > I've never tried it, so I can't say. > > > Also, if there are any tricky steps relating to removing the > > bundled version that I should be conscious of. Or if someone has some > > insight into Sun's ipfilter upgrade plans for Solaris 10 and know a > > patch is on its way. > > Search amongst the blogs on http://blogs.sun.com for project updates > on ipfilter in Solaris. Of course whatever time frame you see there > only applies to Solaris express (and OpenSolaris.) Getting code into > an update release or similar is not very quick. If you have a support > contract, you might be able to cause someone to generate a special > patch for you. > > Darren
