[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    trying to understand ipfilter and Solaris 10
From:       Damon Register <damon.register () comcast ! net>
Date:       2005-12-24 14:39:23
Message-ID: 43AD5D9B.9080401 () comcast ! net
[Download RAW message or body]

quotes taken from another thread on this list

 >That's because Solaris10 uses the Service Management Facility (SMF)
 >which is part of the new, predictive self-healing technology inside
 >of Solaris.
I am still trying to learn the new world (Solaris10) order

 >I guess Darren didn't see it fit to mention that IPFilter has been
 >integrated since we all knew he was in Bejing working at Sun's
 >office there to get it properly integrated into Solaris.
I am just getting into the Solaris 10 world and still have
a lot to learn.  Unfortunately the sysadmins at work are still
in the Solaris 5 (yes, we still use it) through 9 so I can't ask
them for help with the new Solaris 10 way.  What I don't
understand here is just what is the difference between the
new Solaris 10 way on which you say Darren worked and the
normal way?  If he worked to integrate it into Solaris 10,
why do I see posts about switch from Solaris 10 way back
to regular way?

I know a little about the new Solaris 10 smf but not a lot
yet.  I was trying to use fwbuilder to produce an ipfilter
firewall/nat router for Solaris 10 but was not getting very far.
A coworker found http://www.rite-group.com/consulting/solaris_nat.html
which seemed like a great thing for getting started.  Is there
anyone on this list that is sufficiently familiar with the
new Solaris 10 way for ipfilter?  I don't at this point want
to eliminate it for the normal ipfilter way discussed elsewhere
on this list.  Can someone what's the difference between
doing
svcadm enable ipfilter
and
ipf -E
Am I correct in thinking that perhaps the traditional ipf -E
existis just because it is still part of ipfilter even in
Solaris 10 but should be avoided in Solaris 10?  The setup at
http://www.rite-group.com/consulting/solaris_nat.html
seemed like an easy thing to try to get started but I haven't
gotten it to work.  In my earlier experiments with fwbuilder
I think I may have messed up ipfilter because fwbuilder was
doing things for Solaris 9.  "svcs ipfilter" showed disabled
so I enabled but it shows maintenance mode.  Can anyone
suggest what to do at this point?
http://www.phildev.net/ipf/IPFmail.html#mail3 shows some
things I need to put in a post but I would like to know: is this
all equally applicable to Solaris 10?  Are there other things
that one should do with Solaris 10?

Damon Register
[prev in list] [next in list] [prev in thread] [next in thread]