Monitoring includes viewing firewall service properties, viewing rules as they are running or viewing possible rule sets, and reviewing log files.
Before You Begin
You must become an administrator who is assigned the Network Firewall Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
$ svcs -x firewall:default
svc:/network/firewall:default (Network Firewall)
 State: disabled since Fri Apr 10 10:10:50 2015
Reason: Disabled by an administrator.
   See: http://oracle.com/msg/SMF-8000-05
   See: pf.conf(5)
   See: /var/svc/log/network-firewall:default.log
Impact: This service is not running.
$ svcprop firewall:default | grep ^firewall
firewall/default_rules_sha256 astring 7734b...bbb
firewall/fingerprints astring /etc/firewall/pf.os
firewall/rules astring /etc/firewall/pf.conf
firewall/value_authorization astring solaris.smf.value.network.firewall
The following example shows output from the packet filtering rule set that is loaded in the kernel.
$ pfbash pfctl -s rules
empty list for firewall(out)
pass in quick on net1 from 198.51.100.0/27 to any flags S/SA
block drop in on net1 all
The following command checks the syntax of a rules file. This check does not load rules into the kernel.
$ pfctl -n -f /test/firewall/pf.conf
You can use utilities that read files in libpcap format, such as tcpdump or tshark. For more information, see the tcpdump(1), tshark(1), and pcap(3PCAP) man pages.
Troubleshooting
If you expect log file entries but they are not in the log file, make sure that you have used a valid name for a capture datalink. Strings that match the following pattern are a safe choice for a capture datalink interface name: [a-z][:alnum:]*[0-9]. So, for example, dashes and underscores should not be used.
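The naming rule above can be checked before a capture datalink name goes into a configuration. The following is an added example, not part of the original documentation: it reads the pattern as the anchored expression ^[a-z][[:alnum:]]*[0-9]$ (an interpretation of the page's notation), and the function names and sample names are hypothetical.

```shell
#!/bin/sh
# Added example: vet capture datalink names against the Troubleshooting
# pattern, read here as the anchored expression ^[a-z][[:alnum:]]*[0-9]$
# (an interpretation of the page's notation; function names are hypothetical).

# Print the reason a name is unsafe; print nothing for a safe name.
# The body is a subshell so that LC_ALL=C, which keeps the bracket ranges
# ASCII-only whatever the caller's locale, does not leak to the caller.
why_unsafe() (
    LC_ALL=C
    case $1 in
        '')             echo "empty name" ;;
        *[!a-zA-Z0-9]*) echo "contains a character other than a letter or digit" ;;
        [!a-z]*)        echo "does not start with a lowercase letter" ;;
        *[!0-9])        echo "does not end with a digit" ;;
    esac
)

# Return 0 if the name matches the safe pattern, 1 otherwise.
is_safe_capture_link() {
    [ -z "$(why_unsafe "$1")" ]
}

# Report every name given as an argument; return 1 if any name is unsafe.
check_capture_links() {
    rc=0
    for name in "$@"; do
        reason=$(why_unsafe "$name")
        if [ -n "$reason" ]; then
            printf 'UNSAFE  %s: %s\n' "$name" "$reason"
            rc=1
        else
            printf 'ok      %s\n' "$name"
        fi
    done
    return "$rc"
}

# Constructed sample names, not taken from the page.
check_capture_links pflog0 fwcap1 pf-log0 pf_log0 Capture0 pflog || true
```

If the same check is written as a regular expression for grep -E, the character class needs doubled brackets ([[:alnum:]]) and the ^ and $ anchors; a bare [:alnum:] is a bracket expression that matches only the characters ":", "a", "l", "n", "u" and "m".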