Solaris 11 ipfilter is not persistent after reboot

2614268 Feb 24 2014 — edited Feb 26 2014

Hello,

I've scoured the internet for resolution but no one seems to be experiencing this issue with S11.


I edit the ipf.conf file rules for my machine

svccfg -s ipfilter:default setprop firewall_config_default/policy = astring: "custom"

svccfg -s ipfilter:default setprop firewall_config_default/policy_file = astring: "/etc/ipf/ipf.conf"

svcadm enable svc:/network/ipfilter:default

Everything populates upon service enable. ipfstat -io shows my list and no errors are returned.

However, when I reboot my server and type ipfstat -io, the list is empty. I type svcs ipfilter and the service is listed as disabled.

The simplest means of restarting ipfilter is by typing the following upon each reboot:

ipf -E

ipf -Fa -f /etc/ipf/ipf.conf

I cannot keep the service active with each reboot of the computer, nor the link between the service and the configuration file.

Any assistance is appreciated. Thanks

-----------------------------------------------------------------------

cat > /etc/ipf/ipf.conf << EOF
#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
#
########################BLOCK###################################
# Block everything
block in all
# Block inbound traffic destined to the loopback
# address block from interfaces other than the loopback
block in log quick from 127.0.0.0/8 to any
block out log quick all with opt lsrr
block out log quick all with opt ssrr
# block short packets which are packets fragmented too short to be real.
block in log quick all with short
# block and log X11 (port 6000) and remote procedure call
# and portmapper (port 111) attempts
block in log quick proto tcp from any to port = 6000 keep state
block in log quick proto tcp from any to port = 111 keep state
block in log quick proto udp from any to port = 111 keep state
########################ALLOW###################################
# Allow all ICMP
pass in proto icmp from any to any
# allow SSH
pass in quick proto tcp from any to any port = 22 keep state
# allow napp-it
pass in quick proto tcp from any to any port = 81 keep state
# allow PRISM - HTTP
pass in quick proto tcp from any to any port = 80 keep state
# allow PRISM - Remote Desktop Protocol (RDP)
pass in quick proto tcp from any to any port = 3389 keep state
# allow SMB2 (CIFS)
pass in quick proto tcp from any to any port = 445 keep state
pass in quick proto tcp from any to any port = 137 keep state
pass in quick proto tcp from any to any port = 139 keep state
pass in quick proto udp from any to any port = 137 keep state
pass in quick proto udp from any to any port = 138 keep state
EOF

Post Details
Locked on Mar 26 2014
Added on Feb 24 2014
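
A post-reboot check for the settings described in the post above, as an added example that is not part of the original post or of Oracle's tooling: it reads the service state, the general/enabled property and the two firewall_config_default properties the post sets, then counts the rules that ipfstat -io reports. The function names, the WANT_FILE variable and the message wording are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root after a reboot.
FMRI=svc:/network/ipfilter:default
WANT_FILE=/etc/ipf/ipf.conf   # policy_file path used in the post

# diagnose STATE ENABLED POLICY POLICY_FILE FILE_READABLE RULE_COUNT
# Pure decision logic: prints one finding per line and returns 0 only
# if every value matches what the post configured.
diagnose() {
    rc=0
    [ "$2" = true ] || { echo "general/enabled=$2: service is not set to start at boot"; rc=1; }
    [ "$1" = online ] || { echo "state=$1: run 'svcs -xv $FMRI' for the reason"; rc=1; }
    [ "$3" = custom ] || { echo "policy=$3: expected 'custom'"; rc=1; }
    [ "$4" = "$WANT_FILE" ] || { echo "policy_file=$4: expected $WANT_FILE"; rc=1; }
    [ "$5" = yes ] || { echo "policy file is missing or unreadable"; rc=1; }
    [ "$6" -gt 0 ] || { echo "no rules loaded: ipfstat -io is empty"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: ipfilter is online with $6 rules loaded"
    return "$rc"
}

# Collect the live values from SMF and the kernel, then judge them.
check_ipfilter() {
    state=$(svcs -H -o state "$FMRI")
    enabled=$(svcprop -p general/enabled "$FMRI")
    policy=$(svcprop -p firewall_config_default/policy "$FMRI")
    pfile=$(svcprop -p firewall_config_default/policy_file "$FMRI")
    if [ -r "$pfile" ]; then readable=yes; else readable=no; fi
    # An empty ruleset prints "empty list for ipfilter(in)" / "(out)".
    rules=$(ipfstat -io 2>/dev/null | grep -cv '^empty list')
    diagnose "$state" "$enabled" "$policy" "$pfile" "$readable" "$rules"
}

# Query SMF only where its tools exist (Solaris); elsewhere just define the functions.
if command -v svcs >/dev/null 2>&1; then check_ipfilter; fi
```

Each finding names the one value that differs from the post's configuration, so the output separates "service not enabled at boot" from "service online but rules not loaded".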