Securing the Network in Oracle® Solaris 11.2


Updated: August 2014

Guidelines for Using IP Filter

  • IP Filter is managed by the SMF service svc:/network/ipfilter. For a complete overview of SMF, see Chapter 1, Introduction to the Service Management Facility, in Managing System Services in Oracle Solaris 11.2. For information on the step-by-step procedures that are associated with SMF, see Chapter 3, Administering Services, in Managing System Services in Oracle Solaris 11.2.

  • IP Filter requires direct editing of configuration files.

  • IP Filter is installed as part of Oracle Solaris. By default, the IP Filter service is enabled when your system is configured to use automatic networking. The automatic network profile, as described on the nwam(5) and netadm(1M) man pages, enables this firewall. For a custom configuration on an automatically networked system, the IP Filter service is not enabled. For the tasks associated with enabling the service, see Configuring the IP Filter Service.

  • To administer IP Filter, you must assume the root role or be assigned the IP Filter Management rights profile. You can assign the IP Filter Management rights profile to a user or to a role that you create. To create the role and assign the role to a user, see Creating a Role in Securing Users and Processes in Oracle Solaris 11.2.

  • Oracle Solaris Cluster software does not support filtering with IP Filter for scalable services, but does support IP Filter for failover services. For guidelines and restrictions when configuring IP Filter in a cluster, see “Oracle Solaris OS Feature Restrictions” in Oracle Solaris Cluster Software Installation Guide.

  • Filtering between zones is supported provided that the IP Filter rules are implemented in a zone that functions as a virtual router for the other zones on the system.