test

System Administration Guide: IP Services

Managing Address Pools for Oracle Solaris IP Filter

Use the following procedures to manage, view, and modify address pools.

ProcedureHow to View Active Address Pools

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. View the active address pool.


    # ippool -l
Example 26–14 Viewing the Active Address Pool

The following example shows how to view the contents of the active address pool.


# ippool -l
table role = ipf type = tree number = 13
        { 10.1.1.1/32, 10.1.1.2/32, 192.168.1.0/24; };

ProcedureHow to Remove an Address Pool

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Remove the entries in the current address pool.


    # ippool -F
Example 26–15 Removing an Address Pool

The following example shows how to remove an address pool.


# ippool -l
table role = ipf type = tree number = 13
        { 10.1.1.1/32, 10.1.1.2/32, 192.168.1.0/24; };
# ippool -F
1 object flushed
# ippool -l

ProcedureHow to Append Rules to an Address Pool

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Use one of the following methods to append rules to the active rule set:

    • Append rules to the rule set at the command line using the ippool -f - command.


      # echo "table role = ipf type = tree number = 13 
{10.1.1.1/32, 10.1.1.2/32, 192.168.1.0/24};" | ippool -f -

    • Perform the following commands:

      1. Create additional address pools in a file of your choice.

      2. Add the rules you have created to the active address pool.


        # ippool -f filename

        The rules in filename are added to the end of the active address pool.

Example 26–16 Appending Rules to an Address Pool

The following example shows how to add an address pool to the address pool rule set from the command line.


# ippool -l
table role = ipf type = tree number = 13
        { 10.1.1.1/32, 10.1.1.2/32, 192.168.1.0/24; };
# echo "table role = ipf type = tree number = 100
 {10.0.0.0/32, 172.16.1.2/32, 192.168.1.0/24};" | ippool -f -
# ippool -l
table role = ipf type = tree number = 100
        { 10.0.0.0/32, 172.16.1.2/32, 192.168.1.0/24; };
table role = ipf type = tree number = 13
        { 10.1.1.1/32, 10.1.1.2/32, 192.168.1.0/24; };