Re: upgrading ipfilter or pfil on Solaris 10?

> On Sun, 14 May 2006, Darren Reed wrote:
>
> > Date: Sun, 14 May 2006 21:43:27 +1000 (EST)
> > From: Darren Reed <darrenr@reed.wattle.id.au>
> > To: Jeff A. Earickson <jaearick@colby.edu>
> > Cc: ipfilter@coombs.anu.edu.au
> > Subject: Re: upgrading ipfilter or pfil on Solaris 10?
> >
> >> Gang,
> >>
> >> While I'm the author of the how-to on replacing Sun's ipfilter
> >> with the public domain version at:
> >>
> >> http://www.colby.edu/personal/j/jaea...filter.upgrade
> >>
> >> I have never upgraded ipfilter or pfil from one version to another
> >> on any of my Solaris 10 boxes. I need to do so. Anybody have
> >> any advice, warnings, or gotchas on this topic? Or is this new
> >> territory that needs to be documented?
> >
> > pkgrm ipfx
> > pkgrm ipf
> > pkgrm pfil
> > reboot
> > pkgadd pfil
> > pkgadd ipf
> > pkgadd ipfx
> >
> > You asked in another email whether or not the reboot is avoidable.
> > Yes, it is, but avoiding it means unplumb'ing all of your interfaces.
>
> Isn't doing the pkgrm's without modunloading the modules first a bad idea?
> Kind of like shifting gears without using the clutch -- horrible
> grinding sounds???

I think you'll find that the remove scripts for ipf/pfil use rem_drv,
which removes the driver from Solaris's knowledge and then says "will
unload on next reboot."

Darren