A look at the service script might help isolate the problem more /lib/svc/method/ipfilter
There are some interesting comments in it that might be related. Mike On Wed, 2012-07-18 at 09:34 -0400, Daniel Kjar wrote: > Yes, and that does it but then I have to go in and remove all the quick > statements that it automagically generates. > > What I don't understand is when I check the settings, everything looks > right.. > > |# svccfg -s ipfilter:default listprop firewall_config_default/policy > firewall_config_default/policy astring custom > > ||# svccfg -s ipfilter:default listprop > firewall_config_default/custom_policy_file > firewall_config_default/custom_policy_file astring /etc/ipf/ipf.conf| > > but.... > > I get this > > [root@bio2:~]>ipfstat -i > pass in log quick proto tcp from any to any port = 45139 flags S/FSRPAU > keep state > pass in log quick proto tcp from any to any port = lockd flags S/FSRPAU > keep state > pass in log quick proto udp from any to any port = lockd > pass in log quick proto tcp from any to any port = 59045 flags S/F > > If I force it I get that plus my ipf.conf file and if I reboot I lose > the changes to the properties of the ipfilter svc crap. As I said this > is on a brand spanking new and clean unaltered 151a5 installation. This > is a x2200m2 not that it matters. > > > On 07/18/12 09:16 AM, Lou Picciano wrote: > > Daniel, > > > > > > Yes, have found ipfilter to be quite fiddly... Have you tried to manually > > reload the filter rules with something like: > > ipf -f /path/to/ipf.conf ? (or, similarly: ipnat -f (etc) ??? > > > > > > Lou Picciano > > > > ----- Original Message ----- > > From: "Daniel Kjar" <dk...@elmira.edu> > > To: "Discussion list for OpenIndiana" <openindiana-discuss@openindiana.org> > > Sent: Wednesday, July 18, 2012 8:37:00 AM > > Subject: [OpenIndiana-discuss] ipfilter frustrations again > > > > How do you 'correctly' modify the ipfilter settings with this new > > 'ignore /etc/ipf/ipf.conf' set up in OI? I tried > > following the directions on > > > > http://hub.opensolaris.org/bin/view/Community+Group+on/2009022302 > > > > but nothing changes. This is on a fresh 151a5 install. How is a person > > supposed to do this without using a customized ipf.conf file? Is there a > > gui? > > > > I can't get the damn thing to look at etc/ipf/ipf.conf and I modified the > > new default custom location /somewhere/incomprehensible/ipf.conf and that > > does nothing either. > > > > >
_______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
