'Re: The new way of life with Solaris10'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: The new way of life with Solaris10
From:       Jorgen Lundman <lundman () lundman ! net>
Date:       2005-02-24 1:51:25
Message-ID: 421D331D.7020308 () lundman ! net
[Download RAW message or body]


In an attempt to try to learn of the Solaris 10 way to start things..

# cp /lib/svc/method/pfil     /lib/svc/method/pfil.dist
# cp /lib/svc/method/ipfilter /lib/svc/method/ipfilter.dist
# svcadm disable pfil
# svcadm disable ipfilter
# pkgrm SUNWipfu
# pkgrm SUNWipfr
# pkgadd -d /tmp/pfil.pkg  (or whereever, I use patches 1, 2 and 4 from John).
# pkgadd -d $your_sources/ipf.pkg
# rm /etc/rc2.d/S65ipfboot
# rm /etc/rc2.d/S10pfil
# mv /etc/opt/pfil/ui.ap /etc/ipf/pfil.ap
# svcadm enable pfil
# svcadm enable ipfilter
# cp /lib/svc/method/pfil.dist     /lib/svc/method/pfil
# cp /lib/svc/method/ipfilter.dist /lib/svc/method/ipfilter
# reboot

Yeah I copy the dist files back after I enable it, so it fails to start - That 
way we can reboot before it tries to load things.

Hey, I just noticed ipf -T list  - why didn't someone tell me about that! ;)

Seems to come up ok.

Lund

John Wehle wrote:
>>Firstly, if you were to disable ipfilter using svcadm and rely on
>>/etc/rc2.d/S65ipfboot, ipfilter will start too late.
> 
> 
> The recipe we're playing with is:
> 
>   pkgrm SUNWipfu
>   pkgrm SUNWipfr
> 
>   svcadm disable network/pfil
> 
>   install pfil 2.1.5 + patches
>   install ipfilter 4.1.6
> 
>   add:
> 
>     pp::sysinit:/sbin/autopush -f /etc/opt/pfil/iu.ap
> 
>   to /etc/inittab right after:
> 
>     ap::sysinit:/sbin/autopush -f /etc/iu.ap
> 
> and reply on S65ipfboot to take care of doing the modinsert for the
> tunnels.
> 
> Comments welcomed.
> 
> -- John
> 
> PS: Hopefully Sun will release a patch which updates their package
> to pfil 2.1.5 / ipfilter 4.1.6 at which point we'll probably switch
> back to using SUNWipfr / SUNWipfu.
> -------------------------------------------------------------------------
> |   Feith Systems  |   Voice: 1-215-646-8000  |  Email: john@feith.com  |
> |    John Wehle    |     Fax: 1-215-540-5495  |                         |
> -------------------------------------------------------------------------
> 
> 

-- 
Jorgen Lundman       | <lundman@lundman.net>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic