所有计算环境(包括全局区域、内核区域和非全局区域)都自动配置有 IPFilter 防火墙。不需要手动配置。
要验证 IPFilter 是否正在使用,请执行以下步骤。
有关 Oracle ILOM 登录说明,请参阅《Oracle MiniCluster S7-2 管理指南》。
% ssh mcinstall@mc4-n1 Password: *************** Last login: Tue Jun 28 10:47:38 2016 on rad/59 Oracle Corporation SunOS 5.11 11.3 June 2016 Minicluster Setup successfully configured Unauthorized modification of this system configuration strictly prohibited mcinstall@mc4-n1:/var/home/mcinstall % su root Password: *************** #
确保 /etc/ipf/ipf.conf 文件中的规则与以下屏幕输出匹配。
# cat /etc/ipf/ipf.conf block in log on all block out log on ipmppub0 all pass in quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 443 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 1159 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 1158 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port 5499 >< 5550 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 1522 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 1523 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state pass out quick on ipmppub0 proto tcp/udp from any to any port = domain keep state pass in quick on ipmppub0 proto icmp icmp-type echo keep state pass out quick on ipmppub0 proto icmp icmp-type echo keep state pass in quick on ipmppub0 proto udp from any to any port = 123 keep state pass out quick on ipmppub0 proto udp from any to any port = 123 keep state block return-icmp in proto udp all
# svcs | grep svc:/network/ipfilter:default
online 22:13:55 svc:/network/ipfilter:default
# ipfstat -v
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
input packets: blocked 2767 passed 884831 nomatch 884798 counted 0 short 0
output packets: blocked 0 passed 596143 nomatch 595516 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment reassembly(in): bad v6 hdr 0 bad v6 ehdr 0 failed reassembly 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 0 failed: 3462
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 92894
Packet log flags set: (0)
none