Configuring NAT Using PF Firewall in Solaris 11 / 12 Zones

Solaris 11/12 PF Firewall NAT Configuration. Below is an update on how to configure NAT in Solaris 11/12; the original post used IPfilter (IPF). Since Solaris has now officially switched to the BSD firewall (PF), I created the updated example below. Assumptions: The network used in the kernel zones is 10.10.1.0/24. The network used on the global zone […]

Oracle ZFS Appliance(ZFSSA) LDAPS TLS / Diffie-Hellman(DH) SSL Rejected Due To Bit Length

Workaround for Oracle ZFS Appliance (ZFSSA) LDAPS / TLS Reject When Using OUD. I recently patched/upgraded firmware on an Oracle ZFS Appliance. Once the upgrade was completed, the ZFS Appliance LDAPS connections stopped working; the error was due to the ZFS Appliance rejecting the Diffie-Hellman (DH) cipher being used in the LDAPS connections. It turns out the […]

How to export a certificate and private key to pkcs12 (p12) format

Then use/provide the password at the Firefox import.

Configuring Solaris 11 user as Primary Administrator

Configuring a user as Primary Administrator in Solaris. To configure a user in Solaris 11.2 as Primary Administrator, follow the steps below. Note: Primary Administrator was removed in Solaris 11.2 because of a security concern.

/etc/security/prof_attr.d/core-os

/etc/security/exec_attr.d/core-os

Solaris IPFilter optimization

The default settings are quite conservative, and should be increased.

The default settings are quite conservative.

You need to shut down IPFilter and apply larger table size limits.

To make this persistent across reboots, edit ipf.conf.

Check again to see if the change took effect.

Using IPFilter Rules

IPfilter is disabled by default. You need to use svcadm to enable, disable, start or stop the service.

For initial setup of the service:

svccfg -s network/ipfilter:default setprop firewall_config_default/policy = astring: custom
svccfg -s network/ipfilter:default setprop firewall_config_default/custom_policy_file = astring: "/etc/ipf/ipf.conf"
svcadm refresh ipfilter
svcadm enable ipfilter

Starting and Stopping IPfilter

svcadm enable ipfilter
svcs -a | grep ipfilter
online […]
