Darren Reed writes:
> >Or if "family ether" is a good way to do this, why wouldn't we have
> >"family inet" and "family inet6" and get rid of /etc/ipf/ipf6.conf?
> >
> >What's the intended direction?
> >
>
> In PSARC/2005/201, which was IPv6 for IPFilter, the direction from
> PSARC was to move to a single configuration file for all of the filtering
> statements - thus /etc/ipf/ipf6.conf was introduced as an obsolete
> interface with the understanding that it would be subsumed in the
> future by /etc/ipf/ipf.conf.

Sure. What's confusing me here is that we're not actually getting that
merge. Instead, we're getting something new grafted onto
/etc/ipf/ipf.conf, while IPv6 remains an outpost in /etc/ipf/ipf6.conf.

> The background here is that the current
> use of IPv6 filtering outside of Solaris uses a separate file. Thus it
> seemed to not make any sense to introduce a new file that would also
> be obsolete at introduction - more importantly, there is no prior history
> in open source for a separate file.

OK ... so if I want to filter IPv6 packets using the new L2 mechanism,
do I put the IPv6 rules into /etc/ipf/ipf.conf alone or do the "family
ether" bits go into /etc/ipf/ipf.conf with the v6 "layer2"-tagged
rules in /etc/ipf/ipf6.conf?

(And, assuming you're not taking the other comments, do I then need
"ip6-head" and perhaps even "ip6-nat" as directives?)

-- 
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
