Yes, the Admin Guide is incorrect or not sufficient. Since /etc/ipf/ipf.conf has been the historical location for network/ipfilter, I'm debating on whether to consider it an error that /etc/ipf/ipf.conf exists and network/ipfilter policy is not set to 'custom'.

On the other hand, I didn't want to give /etc/ipf/ipf.conf special treatment, since the user can specify any other valid rule file in 'custom' mode. From this perspective, it seems bad to design a new generic option (i.e. supporting any valid file) but maintain special treatment of /etc/ipf/ipf.conf.

-tn

On 05/ 5/10 11:01 PM, Kai Krebber wrote:
Then you agree that the OpenSolaris Admin Guide is wrong, i.e. we have a doc bug?

Cheers,
Kai



-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Tony Nguyen
Sent: Thursday, 6 May 2010 01:33
To: Kai Krebber
Cc: [email protected]; [email protected]
Subject: Re: [networking-discuss] Solved (sort of): ipfilter won't activate config after boot

On 05/ 5/10 05:28 AM, Kai Krebber wrote:
Heads up!

I now explicitly set /etc/ipf/ipf.conf as default conf (via custom conf):
r...@kunde003-wan:~# svccfg -s network/ipfilter:default setprop firewall_config_default/policy = astring: custom
r...@kunde003-wan:~# svccfg -s network/ipfilter:default setprop firewall_config_default/custom_policy_file = astring: "/etc/ipf/ipf.conf"

Now the zone activates the ipfilter config upon reboot.

I still think the original behavior is a bug. Any idea where I could file it?

Cheers,
Kai

Sorry for not getting back to you earlier; due to personal reasons, my work schedule has been sporadic. This change in behavior was delivered with the Solaris host-based firewall project. See ipfilter(5) and svc.ipfd(1M) for a description of how to use network/ipfilter to configure the system firewall.

regards,
-tn

_______________________________________________
networking-discuss mailing list
[email protected]
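
An added example, not part of the thread and not code from the OpenSolaris project: a shell check for the condition discussed above, where /etc/ipf/ipf.conf holds rules that network/ipfilter will not load at boot because firewall_config_default/policy is not 'custom' or custom_policy_file names another file. The function names and return codes are assumptions of this example; the property names and service FMRI are taken from the svccfg commands in the thread, and svcprop is the SMF property reader.

```shell
#!/bin/sh
# Added example: detect an ipf rules file that the network/ipfilter SMF
# service will silently ignore at boot.

FMRI="network/ipfilter:default"      # from the svccfg commands in the thread
PG="firewall_config_default"         # property group used in the thread

# has_rules FILE -> 0 if FILE has at least one non-blank, non-comment line
has_rules() {
    [ -r "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -q '[^[:space:]]'
}

# check_ipf_policy POLICY CUSTOM_FILE RULES_FILE   (hypothetical helper)
# returns 0: rules file is the active custom policy file, or holds no rules
#         1: rules exist but policy is not 'custom'
#         2: policy is 'custom' but custom_policy_file is a different path
check_ipf_policy() {
    policy=$1 custom_file=$2 rules_file=$3
    has_rules "$rules_file" || return 0
    if [ "$policy" != "custom" ]; then
        echo "WARN: $rules_file has rules but policy is '$policy'" >&2
        return 1
    fi
    if [ "$custom_file" != "$rules_file" ]; then
        echo "WARN: policy is custom but loads '$custom_file', not $rules_file" >&2
        return 2
    fi
    return 0
}

# audit_live [RULES_FILE]: read the live SMF properties and run the check.
# Returns 3 if the properties cannot be read (e.g. not an SMF system).
# Assumes svcprop prints the path unescaped (true for paths without spaces).
audit_live() {
    rules_file=${1:-/etc/ipf/ipf.conf}
    policy=$(svcprop -p "$PG/policy" "$FMRI") || return 3
    custom_file=$(svcprop -p "$PG/custom_policy_file" "$FMRI") || return 3
    check_ipf_policy "$policy" "$custom_file" "$rules_file"
}

# Run against the live system only when asked to: ./check.sh --live [file]
if [ "${1:-}" = "--live" ]; then
    audit_live "${2:-}"
fi
```

A non-zero exit from `--live` in a zone's post-install or monitoring job signals that the host is booting without the filter rules its administrator wrote.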
