IPFilter not functioning
Nov 24 2010 — edited Nov 27 2010
I've just completed setting up ipfilter on a new Solaris 10 box. I followed all the steps in the previous post. Everything looked good; even ipfstat showed everything as enabled and working. Off hand I then tried to connect from a blocked IP to this host. Surprisingly I was able to connect!!!
Here is what I did.
Step 1) Configured */etc/ipf/pfil.ap*...
----
e1000g -1 0 pfil
(Everything is tab-delimited and my physical interfaces are e1000g0 & e1000g1; it's a dual-NIC server)
Step 2) Configured */etc/ipf/ipf.conf*
----
pass in quick all
pass out quick all
block in log proto tcp from 192.168.30.6
block in log proto udp from 192.168.30.6
Step 3) Enabled and started pfil and ipfilter services...
----
svcadm enable svc:/network/pfil
svcadm enable svc:/network/ipfilter
Step 4) Everything looked good... When I ran ipfstat -hio I saw...
----
12996 pass out quick all
50117 pass in quick all
0 block in log proto tcp from 192.168.30.6/32 to any
0 block in log proto udp from 192.168.30.6/32 to any
The problem happened when I logged into the blocked device from 192.168.30.6 and surprisingly was able to connect via SSH!
I changed the rule from *192.168.30.6/32* to *192.168.30.0/24*, flushed the rules and restarted. Still I am able to login from 192.168.30.6.
The other interesting item is that I am not getting any logs in the standard log location of ipfilter; according to the Sun docs it should be local0.debug. Sending a logger -p local1.error "Hello test" creates the text in the logfile, but nothing from ipfilter is seen in the same logfile.
-TIA!
Genemat
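The behaviour described in the post follows from IPFilter's `quick` keyword: evaluation stops at the first matching `quick` rule, so `pass in quick all` at the top of the ruleset answers every inbound packet before the block rules are ever consulted, which is also what the 0 hit counters in the ipfstat output show. Below is an added Python model of that rule walk (not code from the post or from IPFilter itself); it handles only the keywords the post uses, and FIXED_RULES is an assumed reordering that places the block rules first.

```python
# Added example: a minimal model of how IPFilter walks a ruleset.
# Only pass/block, in/out, quick, log, proto and from/to are modelled;
# the real ipf.conf grammar is far larger.
import ipaddress

# Constructed ruleset mirroring the post's /etc/ipf/ipf.conf.
ORIGINAL_RULES = """
pass in quick all
pass out quick all
block in log proto tcp from 192.168.30.6 to any
block in log proto udp from 192.168.30.6 to any
"""

# Assumed fix: the same rules, with the block rules made quick and listed first.
FIXED_RULES = """
block in log quick proto tcp from 192.168.30.6 to any
block in log quick proto udp from 192.168.30.6 to any
pass in quick all
pass out quick all
"""

def parse_rule(line):
    """Parse one rule line into a dict (subset of ipf.conf syntax)."""
    tok = line.split()
    rule = {"action": tok[0], "dir": tok[1], "quick": "quick" in tok,
            "log": "log" in tok, "proto": None, "src": None}
    if "proto" in tok:
        rule["proto"] = tok[tok.index("proto") + 1]
    if "from" in tok and tok[tok.index("from") + 1] != "any":
        # A bare host address becomes a /32, as ipfstat displays it.
        rule["src"] = ipaddress.ip_network(tok[tok.index("from") + 1], strict=False)
    return rule

def matches(rule, pkt):
    """True when the rule's direction, protocol and source cover the packet."""
    if rule["dir"] != pkt["dir"]:
        return False
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["src"] and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    return True

def evaluate(ruleset, pkt):
    """IPFilter semantics: the last matching rule wins, unless a matching rule
    is marked quick, in which case the walk stops there. Returns (action, index)."""
    verdict = ("pass", None)  # IPFilter's default when no rule matches
    for i, line in enumerate(ruleset.strip().splitlines()):
        rule = parse_rule(line)
        if matches(rule, pkt):
            verdict = (rule["action"], i)
            if rule["quick"]:
                break
    return verdict
```

With ORIGINAL_RULES every inbound packet from 192.168.30.6 terminates at rule 0 (`pass in quick all`), exactly matching the ipfstat counters in the post; with FIXED_RULES the same packets terminate at the block rules.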