Part I Introducing System Administration: IP Services
1. Oracle Solaris TCP/IP Protocol Suite (Overview)
2. Planning Your TCP/IP Network (Tasks)
3. Introducing IPv6 (Overview)
4. Planning an IPv6 Network (Tasks)
5. Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)
6. Administering Network Interfaces (Tasks)
7. Configuring an IPv6 Network (Tasks)
8. Administering a TCP/IP Network (Tasks)
9. Troubleshooting Network Problems (Tasks)
10. TCP/IP and IPv4 in Depth (Reference)
13. Planning for DHCP Service (Tasks)
14. Configuring the DHCP Service (Tasks)
15. Administering DHCP (Tasks)
16. Configuring and Administering the DHCP Client
17. Troubleshooting DHCP (Reference)
18. DHCP Commands and Files (Reference)
19. IP Security Architecture (Overview)
21. IP Security Architecture (Reference)
22. Internet Key Exchange (Overview)
24. Internet Key Exchange (Reference)
25. IP Filter in Oracle Solaris (Overview)
IPv6 Packet Filtering for IP Filter
Information Sources for Open Source IPFilter
Guidelines for Using IP Filter
Using IP Filter Configuration Files
Working With IP Filter Rule Sets
Using IP Filter's Packet Filtering Feature
Configuring Packet Filtering Rules
Using IP Filter's Address Pools Feature
IP Filter and the pfil STREAMS Module
28. Administering Mobile IP (Tasks)
29. Mobile IP Files and Commands (Reference)
30. Introducing IPMP (Overview)
31. Administering IPMP (Tasks)
Part VII IP Quality of Service (IPQoS)
32. Introducing IPQoS (Overview)
33. Planning for an IPQoS-Enabled Network (Tasks)
34. Creating the IPQoS Configuration File (Tasks)
35. Starting and Maintaining IPQoS (Tasks)
36. Using Flow Accounting and Statistics Gathering (Tasks)
Beginning with the Solaris 10 7/07 release, packet filter hooks replace the pfil module to enable IP filter. In previous Solaris releases, configuration of the pfil module was required as an additional step to set up IP Filter. This extra configuration requirement increased the risk of errors that would cause IP Filter to work improperly. The insertion of the pfil STREAMS module between IP and the device driver also caused performance degradation. Lastly, the pfil module could not perform packet interception between zones.
The use of packet filter hooks streamlines the procedure to enable IP Filter. Through these hooks, IP Filter uses pre-routing (input) and post-routing (output) filter taps to control packet flow into and out of the Oracle Solaris system.
Packet filter hooks eliminate the need for the pfil module. Thus the following components that are associated with the module are also removed.
pfil driver
pfil daemon
svc:/network/pfil SMF service
For tasks associated with enabling IP Filter, see Chapter 26, IP Filter (Tasks).