> On Sun, 14 May 2006, Darren Reed wrote: > > > Date: Sun, 14 May 2006 21:43:27 +1000 (EST) > > From: Darren Reed <[EMAIL PROTECTED]> > > To: Jeff A. Earickson <[EMAIL PROTECTED]> > > Cc: [email protected] > > Subject: Re: upgrading ipfilter or pfil on Solaris 10? > > > >> Gang, > >> > >> While I'm the author of the how-to on replacing Sun's ipfilter > >> with the public domain version at: > >> > >> http://www.colby.edu/personal/j/jaearick/sysadmin/sol10.ipfilter.upgrade > >> > >> I have never upgraded ipfilter or pfil from one version to another > >> on any of my Solaris 10 boxes. I need to do so. Anybody have > >> any advice, warnings, or gotchas on this topic? Or is this new > >> territory that needs to be documented? > > > > pkgrm ipfx > > pkgrm ipf > > pkgrm pfil > > reboot > > pkgadd pfil > > pkgadd ipf > > pkgadd ipfx > > > > You asked in another email whether or not the reboot is avoidable. > > Yes, it is, but avoiding it means unplumb'ing all of your interfaces. > > Isn't doing the pkgrm's without modunloading the modules first a bad idea? > Kind of like shifting gears without using the clutch -- horrible > grinding sounds???
I think you'll find that the remove scripts for ipf/pfil use rem_drv, which removes the driver from Solaris's knowledge and then says "will unload on next reboot." Darren
