DevTech101

IPFilter is disabled by default; use svcadm to enable, disable, start or stop the service. For the initial setup, point the service at a custom policy file and enable it:
svccfg -s network/ipfilter:default setprop firewall_config_default/policy = astring: custom
svccfg -s network/ipfilter:default setprop firewall_config_default/custom_policy_file = astring: "/etc/ipf/ipf.conf"
svcadm refresh ipfilter
svcadm enable ipfilter
Starting and stopping IPFilter
svcadm enable ipfilter
svcs -a | grep ipfilter
online         20:49:27 svc:/network/ipfilter:default
Adding your own rules
#
# ipf.conf
#
# IP Filter rules to be loaded during startup.
# Replace the placeholders before loading: dst_ip_addr is this host's own
# address on localvnic0, src_ip is the remote host allowed in, and
# dst_ip / dst_ip_net are the local destination address or network.
#
# pass out as if we were a single internet client
pass out log quick on localvnic0 proto tcp from dst_ip_addr/32 to any keep state
pass out log quick on localvnic0 proto udp from dst_ip_addr/32 to any keep state
pass out log quick on localvnic0 proto icmp from dst_ip_addr/32 to any keep state
#
# By default, block and log everything. Short (truncated) packets are dropped
# immediately; the catch-all block has no "quick", so the later "pass in quick"
# rules take precedence over it.
block in log quick all with short
block in log on localvnic0 all
#
# Allow inbound SSH and ICMP only from src_ip. A port match is only valid
# with proto tcp or udp, so the SSH rule names proto tcp.
pass in log quick on localvnic0 proto tcp from src_ip to dst_ip/23 port = 22 keep state
pass in log quick on localvnic0 proto icmp from src_ip to dst_ip/23
#
# The same allow rules written against the dst_ip_net/23 network.
pass in log quick on localvnic0 proto tcp from src_ip to dst_ip_net/23 port = 22 keep state
pass in log quick on localvnic0 proto icmp from src_ip to dst_ip
Activating the new IPFilter rules

ipf -Fa flushes all currently active rules, then -f loads the rules from the file:

ipf -Fa -f /etc/ipf/ipf.conf

Testing the IPF rules

ipfstat -io lists the active inbound (-i) and outbound (-o) rules, so you can confirm that what the kernel now enforces matches the file:

ipfstat -io

Reference

http://wiki.joyent.com/wiki/display/jpc2/Using+IPFilter+Rules#UsingIPFilterRules-AllowinboundtrafficicmponlyfromaspecificIPaddress