Re: Getting ipfilter to work on Solaris 10

Ahah! I was doing "man ipf" and "man ipfstat" and things like that.
Doing "man ipfilter" revealed that I had to edit /etc/ipf/pfil.ap
to uncomment my interface. Did that, rebooted, ipfilter now works.
pfil is now in my hme0 module stack. It would be nice if pfil.ap
got modified automagically at boot time for whatever interfaces are
on the box. Thanks.

Jeff Earickson

On Tue, 15 Feb 2005 Casper.Dik@sun.com wrote:

> Date: Tue, 15 Feb 2005 22:49:33 +0100
> From: Casper.Dik@sun.com
> To: Jeff A. Earickson <jaearick@colby.edu>
> Cc: "Michael Lim(vpn)" <michael.lim@sun.com>, ipfilter@coombs.anu.edu.au
> Subject: Re: Getting ipfilter to work on Solaris 10
>
>
>> Ipfilter (4.0.2) on Solaris 10 (3/5) for Sparc flat does not work.
>> I have my old ipf.conf and ipnat.conf files from Solaris 9 for the
>> box in /etc/ipf (I was running ipfilter 3.4.31 in S9). I can see my
>> rules with "ipfstat -ioh", but nothing happens. Connections from
>> "outside" work with no incrementation of ipfstat counters. I'm not
>> happy about having a machine so available, especially after I ran
>> nmap against it and found all kinds of crap running (like "finger"??
>> Gimee a break!) A search of /var/adm/messages reveals:
>
>
> What does "ifconfig modlist" report for the interface in
> question?
>
> Start from "man ipfilter".
>
> Casper
>