The following procedures manage, view, and modify address pools.
Before You Begin
You must become an administrator who is assigned the IP Filter Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
The following example shows how to view the contents of the active address pool.
# ippool -l table role = ipf type = tree number = 13 { 192.0.2.64/27, 192.0.2.0/27, 198.51.100.0/27; };
Before You Begin
You must become an administrator who is assigned the IP Filter Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# ippool -F
The following example shows how to remove an address pool.
# ippool -l table role = ipf type = tree number = 13 { 192.0.2.64/27, 192.0.2.0/27, 198.51.100.0/27; }; # ippool -F 1 object flushed # ippool -l
Appending rules to an existing rule set can be useful when testing or troubleshooting. The IP Filter service remains enabled when the rules are added. However, when the service is refreshed, restarted, or enabled, the address pool rules are lost, unless they exist in a file that is a property of the IP Filter service.
Before You Begin
You must become an administrator who is assigned the IP Filter Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
Append rules to the rule set at the command line using the ippool -f - command.
# echo "table role = ipf type = tree number = 13 {192.0.2.64/27, 192.0.2.0/27, 198.51.100.0/27};" | ippool -f -
These appended rules are not part of IP Filter configuration when the service is refreshed, restarted, or enabled.
Perform the following commands:
Create additional address pools in a file of your choice.
Add the rules that you have created to the active address pool.
# ippool -f filename
The rules in filename are added to the end of the active address pool.
Follow the instructions in How to Append Rules to the Active Packet Filtering Rule Set.
The following example shows how to add an address pool to the address pool rule set from the command line.
# ippool -l table role = ipf type = tree number = 13 { 192.0.2.64/27, 192.0.2.0/27, 198.51.100.0/27; }; # echo "table role = ipf type = tree number = 100 {192.0.2.0/27, 203.0.113.2/32, 198.51.100.0/27};" | ippool -f - # ippool -l table role = ipf type = tree number = 100 { 192.0.2.0/27, 203.0.113.2/32, 198.51.100.0/27; }; table role = ipf type = tree number = 13 { 192.0.2.64/27, 192.0.2.0/27, 198.51.100.0/27; };