[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    using ipfilter on not all interfaces, sol 10
From:       Tom Ploegmakers <tom.ploegmakers () asml ! com>
Date:       2005-11-10 15:53:48
Message-ID: 20051110155348.GB762 () wsasd060 ! asml ! nl
[Download RAW message or body]

Hi list,

I'm trying to setup an ipfilter configuration. I try to use the stock
ipfilter in solaris 10 (with patch 118923-04).

For performance reasons I want ipfilter to not touch traffic on bge1 and
bge2. bge0 and bge3 can and need to be filtered. For starters I try bge0
only.  When I try in /etc/ipf/pfil.ap a line like:
  
  bge     1      0       pfil

i.e. only filter on bge minor 1 (which is bge0) ipfilter does not start.
scvs network/ipfilter shows maintenance.
In  /var/svc/log/network-ipfilter:default.log it says 
  'pfil not plumbed on any network interfaces'

In /etc/svc/volatile/network-pfil:default.log I find
  '/lib/svc/method/pfil: svcprop: not found'
but this error is there always and seems a simple PATH error in a startup
script.

So: what is wrong? I see no usefull log information to get further.
Has anyone tried to filter on a single minor?

TIA, tom.
-- 
Tom Ploegmakers, ASML 7H4.005, (+31)40 268 6238 
-- 
When in danger or in doubt, run in circles, scream and shout.
    -- Robert A.  Heinlein,


-- 
The information contained in this communication and any attachments is confidential \
and may be privileged, and is for the sole use of the intended recipient(s). Any \
unauthorized review, use, disclosure or distribution is prohibited. If you are not \
the intended recipient, please notify the sender immediately by replying to this \
message and destroy all copies of this message and any attachments. ASML is neither \
liable for the proper and complete transmission of the information contained in this \
communication, nor for any delay in its receipt.


[prev in list] [next in list] [prev in thread] [next in thread]