Before You Begin
To run the ipfstat command, you must become an administrator who is assigned the IP Filter Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .
$ svccfg -s ipfilter:default listprop | grep file config/ipf6_config_file astring /etc/ipf/ipf6.conf config/ipnat_config_file astring /etc/ipf/ipnat.conf config/ippool_config_file astring /etc/ipf/ippool.conf firewall_config_default/custom_policy_file astring none
The first three file properties have default file locations. These files do not exist until you create them. If you change the location of a configuration file, you must change the property value for that file. For the procedure, see How to Create IP Filter Configuration Files.
You modify the fourth file property when you customize your own packet filtering rules. See Step 1 and Step 2 in How to Create IP Filter Configuration Files.
On a manually networked system, IP Filter is not enabled by default.
$ svcs -x ipfilter:default svc:/network/ipfilter:default (IP Filter) State: disabled since Mon Sep 10 10:10:50 2012 Reason: Disabled by an administrator. See: http://oracle.com/msg/SMF-8000-05 See: ipfilter(5) Impact: This service is not running.
On an automatically networked system on an IPv4 network, run the following command to view the IP Filter policy:
# ipfstat -io
To view the file that created the policy, read /etc/nwam/loc/NoNet/ipf.conf. This file is for viewing only.
To modify the policy, see How to Create IP Filter Configuration Files.