Edward Pilatowicz wrote:
> just one quick question.
>
> given that ipfilter service specific configuration is stored with
> the services themselves, how will the user know if a specific service
> has an invalid ipfilter configuration? will that specific service
> fail go into the maintenance state? or will the ipfilter:default
> service go into the maintenance state?
>

Hi Ed,

In the current design, firewall is a value-add and doesn't affect service's availability. Thus, invalid policies would either generate an empty set of ipf rules or generate invalid ipf rules. In the case of invalid ipf rules, we try to validate the set of rules (ipf -n) to prevent network/ipfilter from going into maintenance which I believe is the current behavior if network/ipfilter is given an ipf.conf with invalid rules.

Thanks,
tony

>
> On Wed, Sep 24, 2008 at 12:14:33PM +0200, Darren Reed wrote:
>> I am submitting this case on behalf of Tony Nguyen.
>> This case seeks to enable tying together service availability in SMF
>> with IPFilter for firewalling of access to them.
>> This case is requesting patch/micro binding.
>> The timeout has been set for Wednesday next week (30/9/2008.)
>>
>> Completed versions of the man pages being altered (ipf.1m, ipfilter.5)
>> can be found in the case directory - only diffs are included in this email.
>>
>> Darren
>>