|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: IP Services Oracle Solaris 10 8/11 Information Library|
Note - The pfil module is used with IP filter only on the following Solaris releases:
Solaris 10 3/05 release
Solaris 10 1/06 release
Solaris 10 6/06 release
Solaris 10 11/06 release
Beginning with the Solaris 10 7/07 release, the pfil module has been replaced by packet filter hooks and is no longer used with IP filter.
The pfil STREAMS module is required to enable IP Filter. However, IP Filter does not provide an automatic mechanism to push the module on to every interface. Instead, the pfil STREAMS module is managed by the SMF service svc:/network/pfil. To activate filtering on a network interface, you first configure the pfil.ap file. Then you activate the svc:/network/pfil service to supply the pfil STREAMS module to the network interface. For the STREAMS module to take effect, the system must be rebooted or each network interface on which you want filtering must be unplumbed and then re-plumbed. To activate IPv6 packet filtering capabilities, you need to plumb the inet6 version of the interface.
If no pfil modules are found for the network interfaces, the SMF services are put into a maintenance state. The most common cause of this situation is an incorrectly edited /etc/ipf/pfil.ap file. If the service is put into maintenance mode, the occurrence is logged in the filtering log files.
For tasks associated with activating IP Filter, see Configuring IP Filter.