Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Administration: IP Services Oracle Solaris 10 1/13 Information Library |
Part I Introducing System Administration: IP Services
1. Oracle Solaris TCP/IP Protocol Suite (Overview)
2. Planning Your TCP/IP Network (Tasks)
3. Introducing IPv6 (Overview)
4. Planning an IPv6 Network (Tasks)
5. Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)
6. Administering Network Interfaces (Tasks)
7. Configuring an IPv6 Network (Tasks)
8. Administering a TCP/IP Network (Tasks)
9. Troubleshooting Network Problems (Tasks)
10. TCP/IP and IPv4 in Depth (Reference)
13. Planning for DHCP Service (Tasks)
14. Configuring the DHCP Service (Tasks)
15. Administering DHCP (Tasks)
16. Configuring and Administering the DHCP Client
17. Troubleshooting DHCP (Reference)
18. DHCP Commands and Files (Reference)
19. IP Security Architecture (Overview)
21. IP Security Architecture (Reference)
22. Internet Key Exchange (Overview)
24. Internet Key Exchange (Reference)
25. IP Filter in Oracle Solaris (Overview)
Packet Filter Hooks For Packet Filtering
IPv6 Packet Filtering for IP Filter
Information Sources for Open Source IP Filter
Using IP Filter Configuration Files
Using IP Filter's Packet Filtering Feature
Configuring Packet Filtering Rules
Using IP Filter's Address Pools Feature
IP Filter and the pfil STREAMS Module
27. Introducing IPMP (Overview)
28. Administering IPMP (Tasks)
Part VI IP Quality of Service (IPQoS)
29. Introducing IPQoS (Overview)
30. Planning for an IPQoS-Enabled Network (Tasks)
31. Creating the IPQoS Configuration File (Tasks)
32. Starting and Maintaining IPQoS (Tasks)
33. Using Flow Accounting and Statistics Gathering (Tasks)
IP Filter is managed by the SMF services svc:/network/pfil and svc:/network/ipfilter. For a complete overview of SMF, see Chapter 18, Managing Services (Overview), in Oracle Solaris Administration: Basic Administration. For information on the step-by-step procedures that are associated with SMF, see Chapter 19, Managing Services (Tasks), in Oracle Solaris Administration: Basic Administration.
IP Filter requires direct editing of configuration files.
IP Filter is installed as part of Oracle Solaris. By default, IP Filter is not activated after a fresh install. To configure filtering, you must edit configuration files and manually activate IP Filter. You can activate filtering by either rebooting the system or by plumbing the interfaces using the ifconfig command. For more information, see the ifconfig(1M) man page. For the tasks associated with enabling IP Filter, see Configuring IP Filter.
To administer IP Filter, you must be able to assume a role that includes the IP Filter Management rights profile, or become superuser. You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
IP Network Multipathing (IPMP) supports stateless filtering only.
For IP Filter to perform stateless filtering on traffic to and from an IPMP group, you must set the ipmp_hook_emulation parameter. By default, the parameter is set to zero (0), which means that IP Filter cannot perform stateful packet inspection of traffic on physical interfaces that belong to an IPMP group. To enable IPMP packet filtering, issue the following command:
ndd -set /dev/ip ipmp_hook_emulation 1
Oracle Solaris Cluster software does not support filtering with IP Filter for scalable services, but does support IP Filter for failover services. For guidelines and restrictions when configuring IP Filter in a cluster, see Oracle Solaris OS Feature Restrictions in Oracle Solaris Cluster Software Installation Guide.
Filtering between zones is supported provided that the IP Filter rules are implemented in a zone that functions as a virtual router for the other zones on the system.