Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Administration: IP Services Oracle Solaris 11 Information Library |
1. Planning the Network Deployment
2. Considerations When Using IPv6 Addresses
3. Configuring an IPv4 Network
4. Enabling IPv6 on the Network
5. Administering a TCP/IP Network
7. Troubleshooting Network Problems
11. Administering the ISC DHCP Service
12. Configuring and Administering the DHCP Client
13. DHCP Commands and Files (Reference)
14. IP Security Architecture (Overview)
16. IP Security Architecture (Reference)
17. Internet Key Exchange (Overview)
19. Internet Key Exchange (Reference)
20. IP Filter in Oracle Solaris (Overview)
Information Sources for Open Source IP Filter
Using IP Filter Configuration Files
Using IP Filter's Packet Filtering Feature
Configuring Packet Filtering Rules
Using IP Filter's Address Pools Feature
Part IV Networking Performance
22. Integrated Load Balancer Overview
23. Configuration of Integrated Load Balancer (Tasks)
24. Virtual Router Redundancy Protocol (Overview)
25. VRRP Configuration (Tasks)
26. Implementing Congestion Control
Part V IP Quality of Service (IPQoS)
27. Introducing IPQoS (Overview)
28. Planning for an IPQoS-Enabled Network (Tasks)
29. Creating the IPQoS Configuration File (Tasks)
30. Starting and Maintaining IPQoS (Tasks)
31. Using Flow Accounting and Statistics Gathering (Tasks)
IP Filter is managed by the SMF services svc:/network/pfil and svc:/network/ipfilter. For a complete overview of SMF, see Chapter 18, Managing Services (Overview), in System Administration Guide: Basic Administration. For information on the step-by-step procedures that are associated with SMF, see Chapter 19, Managing Services (Tasks), in System Administration Guide: Basic Administration.
IP Filter requires direct editing of configuration files.
IP Filter is installed as part of Oracle Solaris. By default, IP Filter is not activated after a fresh install. To configure filtering, you must edit configuration files and manually activate IP Filter. You can activate filtering by either rebooting the system or by plumbing the interfaces using the ipadm command. For more information, see the ipadm(1M) man page. For the tasks associated with enabling IP Filter, see Configuring IP Filter.
To administer IP Filter, you must be able to assume a role that includes the IP Filter Management rights profile, or become superuser. You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
IP Network Multipathing (IPMP) supports stateless filtering only.
For IP Filter to perform stateless filtering on traffic to and from an IPMP group, you must set the ipmp_hook_emulation parameter. By default, the parameter is set to zero (0), which means that IP Filter cannot perform stateful packet inspection of traffic on physical interfaces that belong to an IPMP group. To enable IPMP packet filtering, issue the following command:
ndd -set /dev/ip ipmp_hook_emulation 1
Oracle Solaris Cluster software does not support filtering with IP Filter for scalable services, but does support IP Filter for failover services. For guidelines and restrictions when configuring IP Filter in a cluster, see Oracle Solaris OS Feature Restrictions in Oracle Solaris Cluster Software Installation Guide.
Filtering between zones is supported provided that the IP Filter rules are implemented in a zone that functions as a virtual router for the other zones on the system.