OK - I dug a bit into /lib/svc/method/ipfilter and found that the script is looking for ipf.conf in /var/tmp/ipf and not in /etc/ipf.
I have a different OpenSolaris box (exactly the same build), where ipfilter in a zone is activated during boot. Ownership and permissions on both /etc/ipf and /etc/ipf/ipf.conf are exactly the same in both zones. The working one has a symlink ipf.conf in /var/tmp/ipf pointing to /etc/ipf/ipf.conf. The non-working zone has a text file with the following lines:

r...@kunde003-wan:~# more /var/tmp/ipf/ipf.conf
# Non-service programs rules
# Global Default rules

If that is utilized during boot - no wonder that my firewall rules in /etc/ipf/ipf.conf won't get activated. I tried removing the file and setting a symlink like in the working zone, but upon rebooting the zone, some stupid process replaces the symlink with the blank ipf.conf.

Nobody got a clue what's causing this? Since OS is not behaving as documented, I think we have a bug - either a doc bug or a software bug. What do you think?

Cheers,
Kai

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Kai Krebber
Sent: Tuesday, 4 May 2010 16:44
To: [email protected]
Subject: [networking-discuss] ipfilter won't activate config after boot

Hi!

I created a zone and installed SUNWipf (OpenSolaris 2009.06). I created /etc/ipf/ipf.conf and put in a single line for starters.
Initializing the file from the command line works fine:

r...@kunde003-wan:~# ipf -f /etc/ipf/ipf.conf
r...@kunde003-wan:~# ipfstat -io
empty list for ipfilter(out)
block in log quick on wan3001 all

But rebooting the zone leads to an empty firewall rulebase:

r...@kunde003-wan:~# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)

Currently, directory and config have the following owners / permissions:

r...@kunde003-wan:/etc# ls -ld ipf
drwxr-xr-x 2 root sys 3 May 4 16:36 ipf
r...@kunde003-wan:/etc# ls -l ipf/ipf.conf
-rw-r--r-- 1 root root 86 May 4 16:36 ipf/ipf.conf

Any idea why OpenSolaris doesn't start the firewall upon booting?

Cheers,
Kai

--
This message posted from opensolaris.org
_______________________________________________
networking-discuss mailing list
[email protected]
