On Mon, 16 Jan 2006, Damon Register wrote:
Date: Mon, 16 Jan 2006 21:25:31 -0500
From: Damon Register <[EMAIL PROTECTED]>
To: [email protected]
Subject: Re: Solaris 10+ipfilter how-to (revised)
Jeff A. Earickson wrote:
Phil,
Please find it at:
http://www.colby.edu/personal/j/jaearick/sysadmin/sol10.ipfilter.upgrade
Yes, I do periodically update it as I learn new things in the
course of working with Solaris 10. Please use this link for the FAQ.
I have read your procedure but I am still trying to understand it.
I see that you are describing how to replace the Sun version with a
different one but I don't understand why one would want to change.
What is the purpose of replacing the Sun version? Is there something
wrong with the Sun version? Is it only because people are used to
the traditional method and would rather use it instead of the new
Sun approach to services?
The Pros of replacing Sun ipfilter with Darren's latest:
1) You get the latest bug fixes and features of ipfilter.
2) You help humanity by testing the latest version of ipfilter.
3) You get the collected beauty and wisdom of this list.
4) You don't have to hassle with Sun support for ipfilter.
The Cons:
1) Sun support won't help you if you call about ipfilter.
2) You get the latest bugs and mis-features in ipfilter.
3) The list may not be able to help you with your problem.
4) Rolling back to Sun's version may be very hard (I've never
done it).
YMMV. In my case I run version 3.4.31 on my Solaris 9 boxes.
I had problems with later versions of 3.x; 3.4.31 works for me,
and I don't have to hassle with pfil.
I run version 4.1.8 on my Solaris 10 boxes with either pfil 2.1.6
or 2.1.7. I have had no luck with 4.1.9 or 4.1.10 in my limited
experience with them. I had a Sun V210 (bge interface) available
for a while to use as a test box with 4.1.9/10. 4.1.9 would hang
the system. With 4.1.10 I got mysterious reboots. Then I had to
put the V210 into production. 4.1.8 is rock solid on my V210 and
V490 systems, so that's what I use with Solaris 10 at this time.
My only test box now is an old Ultra5, and my work-study student
is using it for Jumpstart client testing. I'll return it to
4.1.10 testing when I can.
Jeff Earickson
Colby College