IPv6 for IP Filter

This security enhancement is new in the Solaris Express 12/05 release.

Solaris IP Filter has been enhanced to include IPv6 packet filtering. IPv6 packet filtering can filter based on the source IPv6 address, destination address, poolsl containing IPv6 addresses, and IPv6 extension headers.

The -6 option has been added to the ipf command for use with IPv6. Use the -6 option to load and flush IPv6 packet filtering rules. The ipstat command also has a -6 option, which is used to display IPv6 statistics.

Although there is no change to the command line interface for the ipmon and ippool commands, these commands also support IPv6. The ipmon command has been enhanced to accommodate the logging of IPv6 packets. The ippool command supports the creation of IPv6 pools.

You can use the ipf6.conf file to create packet filtering rule sets for IPv6. By default, the ipf6.conf configuration file is included in the /etc/ipf directory. As with the other filtering configuration files, the ipf6.conf file loads automatically during the boot process when it is stored in the /etc/ipf directory.

