IP Filter configuration on Solaris 10

From: Andreas Höschler (ahoesch_at_smartsoft.de)
Date: 11/07/05

    Date: Mon, 7 Nov 2005 17:41:19 +0100
    To: sunmanagers@sunmanagers.org
    
    

    Dear managers,

    I am trying to get IP Filter to work on an upgraded Solaris machine.
    Under Solaris 9 the following /etc/ipf/ipf.conf worked well.

    block in log on bge2

    pass in quick on bge2 proto tcp from any to any port = 22 keep state
    pass in quick on bge2 proto tcp from any to any port = 25 keep state
    pass in quick on bge2 proto tcp/udp from any to any port = 53 keep state
    pass in quick on bge2 proto tcp from any to any port = 80 keep state
    pass in quick on bge2 proto tcp from any to any port = 443 keep state
    pass in quick on bge2 proto tcp from any to any port = 993 keep state
    pass in quick on bge2 proto tcp from any to any port = 995 keep state
    pass in quick on bge2 proto tcp from any to any port = 60000 keep state
    pass in quick on bge2 proto tcp from any to any port = 60001 keep state
    pass in quick on bge2 proto tcp from any to any port = 60002 keep state
    pass in quick on bge2 proto tcp from any to any port = 60004 keep state
    pass in quick on bge2 proto tcp from any to any port = 60006 keep state
    pass in quick on bge2 proto tcp from any to any port = 20020 keep state
    pass in quick on bge2 proto tcp from any to any port = 1508 keep state
    pass in quick on bge2 proto tcp from any to any port = 61520 keep state
    pass in quick on bge2 proto tcp from any to any port = 61521 keep state
    pass in quick on bge2 proto tcp from any to any port = 61000 keep state
    pass in quick on bge2 proto tcp from any to any port = 47000 keep state
    pass in quick on bge2 proto tcp/udp from any to any port = 1194 keep state

    pass out quick on bge2 proto tcp/udp from any to any keep state
    pass out quick on bge2 proto icmp from any to any keep state

    On Solaris 10 not one line is accepted.

    ...
    13:ioctl(add/insert rule): Bad file number
    14:ioctl(add/insert rule): Bad file number
    16:ioctl(add/insert rule): Bad file number
    17:ioctl(add/insert rule): Bad file number
    18:ioctl(add/insert rule): Bad file number
    21:ioctl(add/insert rule): Bad file number
    ...

    Can anybody send me his config file as an example? Thanks a lot!

    Regards,

       Andreas
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers

