Re: [networking-discuss] Solved (sort of): ipfilter won't activate config after boot

Fri, 07 May 2010 14:46:55 -0700 

Hi,
I have just chanced upon this thread and since the conclusions seem to point to a defect in the docs, please file a doc bug here: 

https://defect.opensolaris.org/bz/


Then this defect can be properly assigned to a writer to 
make the necessary revisions.


Thanks!
Raoul

On 05/06/10 05:45 AM, Tony Nguyen wrote:

Yes, the Admin Guide is incorrect or not sufficient. Since 
/etc/ipf/ipf.conf has been the historical location for network/ipfilter, 
I'm debating on whether to consider it an error that /etc/ipf/ipf.conf 
exists and network/ipfilter policy is not set to 'custom'.



On the other hand, I didn't want to special treat /etc/ipf/ipf.conf 
since user can specify any other
valid rule file in 'custom' mode. From this perspective, it seems bad to 
design a new generic option (i.e. supporting any valid file) but 
maintain special treatment of /etc/ipf/ipf.conf


-tn

On 05/ 5/10 11:01 PM, Kai Krebber wrote:

Then you agree that the Opensolaris Admin Guide is wrong. i.e we have 
a doc-bug?


Cheers,
Kai



-----Ursprüngliche Nachricht-----

Von: [email protected] [mailto:[email protected]] Im 
Auftrag von Tony Nguyen

Gesendet: Donnerstag, 6. Mai 2010 01:33
An: Kai Krebber
Cc: [email protected]; [email protected]

Betreff: Re: [networking-discuss] Solved (sort of): ipfilter won't 
activate config after boot


On 05/ 5/10 05:28 AM, Kai Krebber wrote:

Heads up!

I now explicitly set /etc/ipf/ipf.conf as default conf (via custom
conf):
r...@kunde003-wan:~# svccfg -s network/ipfilter:default setprop
firewall_config_default/policy = astring: custom
r...@kunde003-wan:~# svccfg -s network/ipfilter:default setprop
firewall_config_default/custom_policy_file = astring:
"/etc/ipf/ipf.conf"

Now the zone activates the ipfilter-config upon reboot.

I still think, the original behavior is a bug. Any Idea, where I could
file it?

Cheers,
Kai


Sorry for not getting back to you earlier, due to personal reasons, my
work schedule has been sporadic. This change in behavior was delivered
with Solaris host-base firewall project. See ipfilter(5) and
svc.ipfd(1M) for description on how to use network/ipfilter to configure
system firewall.

regards,
-tn


_______________________________________________
networking-discuss mailing list
[email protected]


_______________________________________________
networking-discuss mailing list
[email protected]






















					Reply via email to