Yes, and that does it but then I have to go in and remove all the quick statements that it automagically generates.

What I don't understand is when I check the settings, everything looks right..

|# svccfg -s ipfilter:default listprop firewall_config_default/policy
firewall_config_default/policy  astring  custom

||# svccfg -s ipfilter:default listprop 
firewall_config_default/custom_policy_file
firewall_config_default/custom_policy_file  astring  /etc/ipf/ipf.conf|

but....

I get this

[root@bio2:~]>ipfstat -i
pass in log quick proto tcp from any to any port = 45139 flags S/FSRPAU keep state pass in log quick proto tcp from any to any port = lockd flags S/FSRPAU keep state
pass in log quick proto udp from any to any port = lockd
pass in log quick proto tcp from any to any port = 59045 flags S/F

If I force it I get that plus my ipf.conf file and if I reboot I lose the changes to the properties of the ipfilter svc crap. As I said this is on a brand spanking new and clean unaltered 151a5 installation. This is a x2200m2 not that it matters.


On 07/18/12 09:16 AM, Lou Picciano wrote:
Daniel,


Yes, have found ipfilter to be quite fiddly... Have you tried to manually 
reload the filter rules with something like:
ipf -f /path/to/ipf.conf ? (or, similarly: ipnat -f (etc) ???


Lou Picciano

----- Original Message -----
From: "Daniel Kjar" <[email protected]>
To: "Discussion list for OpenIndiana" <[email protected]>
Sent: Wednesday, July 18, 2012 8:37:00 AM
Subject: [OpenIndiana-discuss] ipfilter frustrations again

How do you 'correctly' modify the ipfilter settings with this new
'ignore /etc/ipf/ipf.conf' set up in OI? I tried
following the directions on

http://hub.opensolaris.org/bin/view/Community+Group+on/2009022302

but nothing changes. This is on a fresh 151a5 install. How is a person supposed 
to do this without using a customized ipf.conf file? Is there a gui?

I can't get the damn thing to look at etc/ipf/ipf.conf and I modified the new 
default custom location /somewhere/incomprehensible/ipf.conf and that does 
nothing either.



--
Dr. Daniel Kjar
Assistant Professor of Biology
Division of Mathematics and Natural Sciences
Elmira College
1 Park Place
Elmira, NY 14901
607-735-1826
http://faculty.elmira.edu/dkjar

"...humans send their young men to war; ants send their old ladies"
        -E. O. Wilson




_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss

Reply via email to