System Administration Guide: IP Services
Previous Next

Guidelines for Using Solaris IP Filter

  • Solaris IP Filter is managed by the SMF services svc:/network/pfil and svc:/network/ipfilter. For a complete overview of SMF, see Chapter 14, Managing Services (Overview), in System Administration Guide: Basic Administration. For information on the step-by-step procedures that are associated with SMF, see Chapter 15, Managing Services (Tasks), in System Administration Guide: Basic Administration.

  • Solaris IP Filter requires direct editing of configuration files.

  • Solaris IP Filter is installed as part of the Solaris OS. By default, Solaris IP Filter is not activated after a fresh install. To configure filtering, you must edit configuration files and manually activate Solaris IP Filter. You can activate filtering by either rebooting the system or by plumbing the interfaces using the ifconfig command. For more information, see the ifconfig(1M) man page. For the tasks associated with enabling Solaris IP Filter, see Configuring Solaris IP Filter.

  • To administer Solaris IP Filter, you must be able to assume a role that includes the IP Filter Management rights profile, or become superuser. You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  • IP Network Multipathing (IPMP) supports stateless filtering only.

  • Sun Cluster configurations do not support filtering with Solaris IP Filter.

  • Filtering between zones is not currently supported with Solaris IP Filter.

Previous Next