I am using ipfilter 4.1.10 and pfil 2.1.7 on Solaris 9.
The initial condition is as follows, after installing the pfil, ipf and ipfx
packages with a couple of rules and then rebooting.
----------------------------------------------------------------------------
root> cat /etc/opt/pfil/iu.ap
        ce      -1      0       pfil

root> ipfstat -io
block out log quick on ce0 proto icmp from any to any icmp-type echorep
block in log quick on ce0 proto icmp from any to any icmp-type echo

root> ifconfig ce0 modlist         
0 arp
1 ip
2 pfil
3 ce

root> ndd /dev/pfil qif_status
ifname ill q OTHERQ ipmp num sap hl nr nw bad copy copyfail drop notip nodata notdata
ce5 0x30000074a30 0x30002968ce8 0x30002968dd8 0x0 4 800 14 378 337 0 0 0 0 0 0 0
ce4 0x30000074f30 0x3000189e2a0 0x3000189e390 0x0 2 800 14 372 360 0 0 0 0 0 0 0
ce0 0x30000074cb0 0x3000189e7c0 0x3000189e8b0 0x0 0 800 14 961 688 0 0 0 0 0 0 0
----------------------------------------------------------------------------
ipfilter can block ping requests with the above rules.
Then I removed the pfil module of ce0 with the following operations.

root> ifconfig ce0 modremove [EMAIL PROTECTED]
root> ifconfig ce0 modlist         
0 arp
1 ip
2 ce

Tested again on ce0, it doesn't block any ping requests.
----------------------------------------------------------------------------
Lastly, I tried to insert the pfil module back. The rules are not changed.

root> ifconfig ce0 modinsert [EMAIL PROTECTED]
root> ifconfig ce0 modlist         
0 arp
1 ip
2 pfil
3 ce

But I found that ipfilter doesn't block ping requests at that time.
I checked with the ndd command again and found that ce0 was not listed.

Can I do any other operations to let ipfilter work again without reboot?

Thanks,
Chungang
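
Added example, not part of the original post: a small sh check for the state described above, where ifconfig modlist shows pfil on the stream but ndd /dev/pfil qif_status has no row for the interface, so the rules are silently not applied. The helper names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: helper names and sample data are constructed, not from the post.

# Succeeds if `ifconfig IF modlist` output on stdin lists the pfil module.
pfil_in_modlist() {
    awk '$2 == "pfil" { found = 1 } END { exit (found ? 0 : 1) }'
}

# Succeeds if `ndd /dev/pfil qif_status` output on stdin has a row for $1.
# Rows can be wrapped by the terminal, so only the first field of each line
# is compared; the header line (first field "ifname") is skipped.
qif_has_if() {
    awk -v want="$1" '
        $1 == "ifname" { next }
        $1 == want     { found = 1 }
        END            { exit (found ? 0 : 1) }'
}

# Prints one of: OK, NO_PFIL (pfil not on the stream), STALE (pfil is on
# the stream but pfil has no qif entry for the interface).
check_pfil() {
    cp_if=$1; cp_modlist=$2; cp_qif=$3
    if ! printf '%s\n' "$cp_modlist" | pfil_in_modlist; then
        echo NO_PFIL
    elif ! printf '%s\n' "$cp_qif" | qif_has_if "$cp_if"; then
        echo STALE
    else
        echo OK
    fi
}

# Constructed sample input shaped like the output in the post.
SAMPLE_MODLIST='0 arp
1 ip
2 pfil
3 ce'
SAMPLE_QIF='ifname ill q OTHERQ ipmp num sap hl nr nw bad copy copyfail drop notip
nodata notdata
ce5 0x1 0x2 0x3 0x0 4 800 14 378 337 0 0 0 0 0
0 0
ce4 0x4 0x5 0x6 0x0 2 800 14 372 360 0 0 0 0 0
0 0'

check_pfil ce0 "$SAMPLE_MODLIST" "$SAMPLE_QIF"   # prints STALE
check_pfil ce4 "$SAMPLE_MODLIST" "$SAMPLE_QIF"   # prints OK
# On the host: check_pfil ce0 "$(ifconfig ce0 modlist)" "$(ndd /dev/pfil qif_status)"
```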