|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: IP Services Oracle Solaris 11 Express 11/10|
In the current release, packet filter hooks replace the pfil module to enable IP filter. In previous Solaris releases, configuration of the pfil module was required as an additional step to set up IP Filter. This extra configuration requirement increased the risk of errors that would cause IP Filter to work improperly. The insertion of the pfil STREAMS module between IP and the device driver also caused performance degradation. Lastly, the pfil module could not perform packet interception between zones.
The use of packet filter hooks streamlines the procedure to enable IP Filter. Through these hooks, IP Filter uses pre-routing (input) and post-routing (output) filter taps to control packet flow into and out of the Oracle Solaris system.
Packet filter hooks eliminate the need for the pfil module. Thus the following components that are associated with the module are also removed.
svc:/network/pfil SMF service
For tasks associated with enabling IP Filter, see Chapter 25, IP Filter (Tasks).