JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: IP Services     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

Part I TCP/IP Administration

1.  Planning an IPv4 Addressing Scheme (Tasks)

2.  Planning an IPv6 Addressing Scheme (Overview)

3.  Planning an IPv6 Network (Tasks)

4.  Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)

5.  Enabling IPv6 on a Network (Tasks)

6.  Administering a TCP/IP Network (Tasks)

7.  Configuring IP Tunnels

8.  Troubleshooting Network Problems (Tasks)

9.  TCP/IP and IPv4 in Depth (Reference)

10.  IPv6 in Depth (Reference)

Part II DHCP

11.  About DHCP (Overview)

12.  Planning for DHCP Service (Tasks)

13.  Configuring the DHCP Service (Tasks)

14.  Administering DHCP (Tasks)

15.  Configuring and Administering the DHCP Client

16.  Troubleshooting DHCP (Reference)

17.  DHCP Commands and Files (Reference)

Part III IP Security

18.  IP Security Architecture (Overview)

19.  Configuring IPsec (Tasks)

20.  IP Security Architecture (Reference)

21.  Internet Key Exchange (Overview)

22.  Configuring IKE (Tasks)

23.  Internet Key Exchange (Reference)

24.  IP Filter in Oracle Solaris (Overview)

25.   IP Filter (Tasks)

Configuring IP Filter

How to Enable IP Filter

How to Re-Enable IP Filter

How to Enable Loopback Filtering

Deactivating and Disabling IP Filter

How to Deactivate Packet Filtering

How to Deactivate NAT

How to Disable Packet Filtering

Working With IP Filter Rule Sets

Managing Packet Filtering Rule Sets for IP Filter

How to View the Active Packet Filtering Rule Set

How to View the Inactive Packet Filtering Rule Set

How to Activate a Different or Updated Packet Filtering Rule Set

How to Remove a Packet Filtering Rule Set

How to Append Rules to the Active Packet Filtering Rule Set

How to Append Rules to the Inactive Packet Filtering Rule Set

How to Switch Between Active and Inactive Packet Filtering Rule Sets

How to Remove an Inactive Packet Filtering Rule Set From the Kernel

Managing NAT Rules for IP Filter

How to View Active NAT Rules

How to Remove NAT Rules

How to Append Rules to the NAT Rules

Managing Address Pools for IP Filter

How to View Active Address Pools

How to Remove an Address Pool

How to Append Rules to an Address Pool

Displaying Statistics and Information for IP Filter

How to View State Tables for IP Filter

How to View State Statistics for IP Filter

How to View NAT Statistics for IP Filter

How to View Address Pool Statistics for IP Filter

Working With Log Files for IP Filter

How to Set Up a Log File for IP Filter

How to View IP Filter Log Files

How to Flush the Packet Log File

How to Save Logged Packets to a File

Creating and Editing IP Filter Configuration Files

How to Create a Configuration File for IP Filter

IP Filter Configuration File Examples

Part IV Networking Performance

26.  Integrated Load Balancer Overview

27.  Configuration of Integrated Load Balancer Tasks

28.  Virtual Router Redundancy Protocol (Overview)

29.  VRRP Configuration (Tasks)

30.  Implementing Congestion Control

Part V IP Quality of Service (IPQoS)

31.  Introducing IPQoS (Overview)

32.  Planning for an IPQoS-Enabled Network (Tasks)

33.  Creating the IPQoS Configuration File (Tasks)

34.  Starting and Maintaining IPQoS (Tasks)

35.  Using Flow Accounting and Statistics Gathering (Tasks)

36.  IPQoS in Detail (Reference)

Glossary

Index

Deactivating and Disabling IP Filter

You might want to deactivate or disable packet filtering and NAT under the following circumstances:

The following task map identifies the procedures associated with deactivating or disabling IP Filter features.

Table 25-2 Deactivating and Disabling IP Filter (Task Map)

Task
Description
For Instructions
Deactivate packet filtering.
Deactivate packet filtering using the ipf command.
Deactivate NAT.
Deactivate NAT using the ipnat command.
Disable packet filtering and NAT.
Disable packet filtering and NAT using the ipf command.

How to Deactivate Packet Filtering

The following procedure deactivates IP Filter packet filtering by flushing the packet filtering rules from the active filtering rule set. The procedure does not disable IP Filter. You can reactivate IP Filter by adding rules to the rule set.

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring and Using RBAC (Task Map) in System Administration Guide: Security Services.

  2. Use one of the following methods to deactivate IP Filter rules:
    • Remove the active rule set from the kernel.

      # ipf -Fa

      This command deactivates all packet filtering rules.

    • Remove incoming packet filtering rules.

      # ipf -Fi

      This command deactivates packet filtering rules for incoming packets.

    • Remove outgoing packet filtering rules.

      # ipf -Fo

      This command deactivates packet filtering rules for outgoing packets.

How to Deactivate NAT

The following procedure deactivates IP Filter NAT rules by flushing the NAT rules from the active NAT rules set. The procedure does not disable IP Filter. You can reactivate IP Filter by adding rules to the rule set.

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring and Using RBAC (Task Map) in System Administration Guide: Security Services.

  2. Remove NAT from the kernel.
    # ipnat -FC

    The -C option removes all entries in the current NAT rule listing. The -F option removes all active entries in the current NAT translation table, which shows the currently active NAT mappings.

How to Disable Packet Filtering

When you run this procedure, both packet filtering and NAT are removed from the kernel. If you use this procedure, you must re-enable IP Filter in order to reactivate packet filtering and NAT. For more information, see How to Re-Enable IP Filter.

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring and Using RBAC (Task Map) in System Administration Guide: Security Services.

  2. Disable packet filtering and allow all packets to pass into the network.
    # ipf –D

    Note - The ipf -D command flushes the rules from the rule set. When you re-enable filtering, you must add rules to the rule set.