-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 With definately not enough sleep, I've finally gotten ipfilter to work properly with solaris's zones, but I haven't given it a lot of testing yet. So if you've got some time and would like to try a thing or two out, download it from here: http://coombs.anu.edu.au/~avalon/ip_fil5.0.3.tar.gz MD5 (ip_fil5.0.3.tar.gz) = 7fd866307e777cb9a64575595df7ec74 and have a bash.
And I just realised it won't yet grab traffic between zones...give me a few days... At the moment the only interception will be between the zone and the outside box... for local zones, you need to do something like: zlogin myzone ipfstat etc. to view/manage ipfilter in that zone. What I also want to add is a mechanism by which you can specify which zone(s) must have their packets also processed by the global zone rules. I'm not sure how I'll do that yet as the identifier space for network interfaces is unique per zone, not per machine, and if you have bge0 in a localzone, the global zone won't see it at all, so hmmm... Cheers, Darren -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkij/CoACgkQP7JIXtvLbFX8WQCgmtUZlGI+imVFZ/I9juawG5vT gSgAoL4xmgl5gPbo6yO9CTLxbEWEWJ2t =otc/ -----END PGP SIGNATURE-----
