System Administration Guide: IP Services

How to Deactivate Oracle Solaris IP Filter on a NIC

If you need to stop filtering packets on a NIC, use the following procedure.

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Start the file editor of your choice, and edit the /etc/ipf/pfil.ap file.

    This file contains the names of NICs on the host. The NICs that have been used to filter network traffic are uncommented. Comment out the device names that you no longer want to use to filter network traffic.


    # vi /etc/ipf/pfil.ap
    # IP Filter pfil autopush setup
    #
    # See autopush(1M) manpage for more information.
    #
    # Format of the entries in this file is:
    #
    #major  minor lastminor modules
    
    #le     -1      0       pfil
    #qe     -1      0       pfil
    #hme    -1      0       pfil (Commented-out device no longer filters network traffic)
    #qfe    -1      0       pfil
    #eri    -1      0       pfil
    #ce     -1      0       pfil
    #bge    -1      0       pfil
    #be     -1      0       pfil
    #vge    -1      0       pfil
    #ge     -1      0       pfil
    #nf     -1      0       pfil
    #fa     -1      0       pfil
    #ci     -1      0       pfil
    #el     -1      0       pfil
    #ipdptp -1      0       pfil
    #lane   -1      0       pfil
    #dmfe   -1      0       pfil
  3. Deactivate the NIC by using one of the following methods:

    • Reboot the machine.


      # reboot
      

      Note – Rebooting is required if you cannot safely use the ifconfig unplumb and ifconfig plumb commands on the NICs.


    • Deactivate the NICs by using the ifconfig command with the unplumb and plumb options. The inet6 version of each interface must be unplumbed in order to deactivate IPv6 packet filtering. Perform the following steps. The sample device in the system is hme:

      1. Identify the major number for the device you are deactivating.


        # grep hme /etc/name_to_major
        hme 7
      2. Display the current autopush configuration for hme0.


        # autopush -g -M 7 -m 0
           Major     Minor     Lastminor       Modules
               7      ALL          -           pfil
      3. Remove the autopush configuration.


        # autopush -r -M 7 -m 0
        
      4. Open the device and assign IP addresses to the device.


        # ifconfig hme0 unplumb
        # ifconfig hme0 plumb 192.168.1.20  netmask 255.255.255.0  up
        # ifconfig hme0 inet6 unplumb
        # ifconfig hme0 inet6 plumb fec3:f840::1/96 up
        

        For more information about the ifconfig command, see the ifconfig(1M) man page.
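
After editing the file in step 2, it helps to confirm which drivers still have an uncommented pfil entry before you reboot or replumb. The following script is an added example, not part of the original guide. The function names and the sample file contents are constructed for illustration. On a real host, pass /etc/ipf/pfil.ap as the file argument.

```shell
#!/bin/sh
# Added example (not from the guide): report which drivers still have an
# active pfil autopush entry in a pfil.ap-format file.

# active_pfil_drivers FILE
# Prints the driver name of every uncommented entry whose module list
# (field 4 onward) contains "pfil".
active_pfil_drivers() {
    awk '
        /^[ \t]*#/ { next }     # commented-out entry or header line
        NF < 4     { next }     # blank or incomplete line
        {
            for (i = 4; i <= NF; i++)
                if ($i == "pfil") { print $1; break }
        }
    ' "$1"
}

# pfil_still_enabled FILE DRIVER
# Exit status 0 if DRIVER still has an active pfil entry, 1 otherwise.
pfil_still_enabled() {
    active_pfil_drivers "$1" | grep -qxF -- "$2"
}

# Constructed sample in the pfil.ap format shown in step 2:
# hme has been commented out, qfe is still filtering.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# IP Filter pfil autopush setup (constructed sample)
#major  minor lastminor modules
#hme    -1      0       pfil
qfe     -1      0       pfil
#bge    -1      0       pfil
EOF

for drv in hme qfe; do
    if pfil_still_enabled "$SAMPLE" "$drv"; then
        echo "$drv: pfil entry still active"
    else
        echo "$drv: no active pfil entry"
    fi
done
```

This checks only the configuration file. The autopush -g command in step 3 shows what the running system has loaded.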