Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Administration: IP Services Oracle Solaris 11 Information Library |
1. Planning the Network Deployment
2. Considerations When Using IPv6 Addresses
3. Configuring an IPv4 Network
4. Enabling IPv6 on the Network
5. Administering a TCP/IP Network
7. Troubleshooting Network Problems
11. Administering the ISC DHCP Service
12. Configuring and Administering the DHCP Client
13. DHCP Commands and Files (Reference)
14. IP Security Architecture (Overview)
16. IP Security Architecture (Reference)
17. Internet Key Exchange (Overview)
19. Internet Key Exchange (Reference)
20. IP Filter in Oracle Solaris (Overview)
How to Enable Loopback Filtering
Working With IP Filter Rule Sets
Managing Packet Filtering Rule Sets for IP Filter
How to View the Active Packet Filtering Rule Set
How to View the Inactive Packet Filtering Rule Set
How to Activate a Different or Updated Packet Filtering Rule Set
How to Remove a Packet Filtering Rule Set
How to Append Rules to the Active Packet Filtering Rule Set
How to Append Rules to the Inactive Packet Filtering Rule Set
How to Switch Between Active and Inactive Packet Filtering Rule Sets
How to Remove an Inactive Packet Filtering Rule Set From the Kernel
Managing NAT Rules for IP Filter
How to Append Rules to the NAT Rules
Managing Address Pools for IP Filter
How to View Active Address Pools
How to Append Rules to an Address Pool
Displaying Statistics and Information for IP Filter
How to View State Tables for IP Filter
How to View State Statistics for IP Filter
How to View NAT Statistics for IP Filter
How to View Address Pool Statistics for IP Filter
Working With Log Files for IP Filter
How to Set Up a Log File for IP Filter
How to View IP Filter Log Files
How to Flush the Packet Log File
How to Save Logged Packets to a File
Creating and Editing IP Filter Configuration Files
How to Create a Configuration File for IP Filter
IP Filter Configuration File Examples
Part IV Networking Performance
22. Integrated Load Balancer Overview
23. Configuration of Integrated Load Balancer (Tasks)
24. Virtual Router Redundancy Protocol (Overview)
25. VRRP Configuration (Tasks)
26. Implementing Congestion Control
Part V IP Quality of Service (IPQoS)
27. Introducing IPQoS (Overview)
28. Planning for an IPQoS-Enabled Network (Tasks)
29. Creating the IPQoS Configuration File (Tasks)
30. Starting and Maintaining IPQoS (Tasks)
31. Using Flow Accounting and Statistics Gathering (Tasks)
You might want to deactivate or disable packet filtering and NAT under the following circumstances:
For testing purposes
To troubleshoot system problems when you think the problems are caused by IP Filter
The following task map identifies the procedures associated with deactivating or disabling IP Filter features.
Table 21-2 Deactivating and Disabling IP Filter (Task Map)
|
The following procedure deactivates IP Filter packet filtering by flushing the packet filtering rules from the active filtering rule set. The procedure does not disable IP Filter. You can reactivate IP Filter by adding rules to the rule set.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Remove the active rule set from the kernel.
# ipf -Fa
This command deactivates all packet filtering rules.
Remove incoming packet filtering rules.
# ipf -Fi
This command deactivates packet filtering rules for incoming packets.
Remove outgoing packet filtering rules.
# ipf -Fo
This command deactivates packet filtering rules for outgoing packets.
The following procedure deactivates IP Filter NAT rules by flushing the NAT rules from the active NAT rules set. The procedure does not disable IP Filter. You can reactivate IP Filter by adding rules to the rule set.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# ipnat -FC
The -C option removes all entries in the current NAT rule listing. The -F option removes all active entries in the current NAT translation table, which shows the currently active NAT mappings.
When you run this procedure, both packet filtering and NAT are removed from the kernel. If you use this procedure, you must re-enable IP Filter in order to reactivate packet filtering and NAT. For more information, see How to Re-Enable IP Filter.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# ipf –D
Note - The ipf -D command flushes the rules from the rule set. When you re-enable filtering, you must add rules to the rule set.