System Administration Guide: IP Services

Procedure: How to Create a Configuration File for Solaris IP Filter

The following procedure describes how to create the Solaris IP Filter configuration files for packet filtering rules, NAT rules, and address pools:

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Start the file editor of your choice. Create or edit the configuration file for the feature you want to configure.

    • To create a configuration file for packet filtering rules, edit the ipf.conf file.

      Solaris IP Filter uses the packet filtering rules that you put into the ipf.conf file. If you place the packet filtering rules in the /etc/ipf/ipf.conf file, this file is loaded when the system is booted. If you do not want the filtering rules to be loaded at boot time, put the rules in a file of your choice. You can then activate the rules with the ipf command, as described in How to Activate a Different or Updated Packet Filtering Rule Set.

      See Using Solaris IP Filter's Packet Filtering Feature for information about creating packet filtering rules.


      Note –

      If the ipf.conf file is empty, there is no filtering. An empty ipf.conf file is the same as having a rule set that reads:

      pass in all
      pass out all

    • To create a configuration file for NAT rules, edit the ipnat.conf file.

      Solaris IP Filter uses the NAT rules that you put into the ipnat.conf file. If you place the NAT rules in the /etc/ipf/ipnat.conf file, this file is loaded when the system is booted. If you do not want the NAT rules loaded at boot time, put the ipnat.conf file in a location of your choice. You can then activate the NAT rules with the ipnat command.

      See Using Solaris IP Filter's NAT Feature for information about creating rules for NAT.

    • To create a configuration file for address pools, edit the ippool.conf file.

      Solaris IP Filter uses the pool of addresses that you put into the ippool.conf file. If you place the address pool in the /etc/ipf/ippool.conf file, this file is loaded when the system is booted. If you do not want the pool of addresses loaded at boot time, put the ippool.conf file in a location of your choice. You can then activate the pool of addresses with the ippool command.

      See Using Solaris IP Filter's Address Pools Feature for information about creating address pools.
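The following shell script is an added example, not part of this guide or of Solaris, that stages all three files described above (ipf.conf, ipnat.conf, ippool.conf) in a directory of your choice rather than directly in /etc/ipf, and checks for the failure mode the note above describes: an ipf.conf with no rules, which filters nothing. The interface names e1000g0 (external) and e1000g1 (internal), the internal network 192.168.1.0/24, the administrative host 203.0.113.10 and the pool number 10 are assumptions chosen for the example. The activation function uses the ipf, ipnat and ippool commands this procedure refers to and only runs them when the ipf binary is present, since loading rules requires root on a Solaris system.

```shell
#!/bin/sh
# Added example (not from the guide): stage a default-deny Solaris IP Filter
# configuration and refuse to activate an empty ipf.conf.
# Assumed values: external interface e1000g0, internal interface e1000g1,
# internal network 192.168.1.0/24, admin host 203.0.113.10, pool number 10.
IFACE="${IFACE:-e1000g0}"
INT_IFACE="${INT_IFACE:-e1000g1}"

# ipf.conf: block and log everything by default, allow loopback, allow
# stateful outbound traffic, drop spoofed private sources arriving on the
# external interface (addresses come from pool 10 in ippool.conf), and
# permit SSH only from the assumed admin host.
write_ipf_conf() {
    cat > "$1/ipf.conf" <<EOF
# Packet filtering rules (staged example, external interface $IFACE)
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all
# Anti-spoofing: private source addresses must not arrive from outside
block in log quick on $IFACE from pool/10 to any
# Stateful outbound traffic
pass out quick on $IFACE proto tcp from any to any flags S keep state
pass out quick on $IFACE proto udp from any to any keep state
pass out quick on $IFACE proto icmp from any to any keep state
# Internal hosts (assumed network) may initiate connections
pass in quick on $INT_IFACE from 192.168.1.0/24 to any keep state
# Administrative SSH from the assumed admin host only
pass in quick on $IFACE proto tcp from 203.0.113.10 to any port = 22 flags S keep state
EOF
}

# ipnat.conf: translate the assumed internal network behind the external
# interface address; the portmap line handles TCP/UDP, the second line
# covers other protocols.
write_ipnat_conf() {
    cat > "$1/ipnat.conf" <<EOF
# NAT rules (staged example)
map $IFACE 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map $IFACE 192.168.1.0/24 -> 0/32
EOF
}

# ippool.conf: pool 10 holds the RFC 1918 ranges referenced by ipf.conf.
write_ippool_conf() {
    cat > "$1/ippool.conf" <<EOF
# Address pools (staged example)
table role = ipf type = tree number = 10
    { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
EOF
}

stage_ipfilter() {
    write_ipf_conf "$1" && write_ipnat_conf "$1" && write_ippool_conf "$1"
}

# Count lines that are neither blank nor comments. Zero such lines is the
# "no filtering" case from the guide's note (equivalent to pass in/out all).
ipf_rule_count() {
    grep -v '^[[:space:]]*#' "$1" | grep -c '[^[:space:]]' || true
}

ipf_conf_has_rules() {
    [ "$(ipf_rule_count "$1")" -gt 0 ]
}

# Load the staged files with the commands this procedure refers to. Pools are
# loaded first because ipf.conf references pool/10. Needs root on Solaris.
activate_ipfilter() {
    if ! command -v ipf >/dev/null 2>&1; then
        echo "ipf not found; staged files left in $1" >&2
        return 1
    fi
    if ! ipf_conf_has_rules "$1/ipf.conf"; then
        echo "refusing to load an empty ipf.conf: it would filter nothing" >&2
        return 1
    fi
    ippool -F && ippool -f "$1/ippool.conf" \
        && ipf -Fa -f "$1/ipf.conf" \
        && ipnat -CF -f "$1/ipnat.conf"
}

# Usage: sh stage-ipfilter.sh /var/tmp/ipf-staging
if [ -n "${1:-}" ]; then
    mkdir -p "$1" && stage_ipfilter "$1" \
        && echo "staged in $1 ($(ipf_rule_count "$1/ipf.conf") filter rules)"
fi
```

Once you have reviewed the staged files, copy them to /etc/ipf if you want them loaded at boot, or call activate_ipfilter on the staging directory to load them directly.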