Oracle MiniCluster S7-2 Security Guide

Updated: October 2016

Verify Host-Based Firewall Rules

All compute environments, including global zones, kernel zones, and non-global zones, are automatically configured with IPFilter firewalls. No manual action is required.

To verify the IPFilter firewalls that are in use, perform the following steps.

  1. Log in to the global zone on node 1 as mcinstall and assume the root role.

    For Oracle ILOM login instructions, see the Oracle MiniCluster S7-2 Administration Guide.

    % ssh mcinstall@mc4-n1
    Password: ***************
    Last login: Tue Jun 28 10:47:38 2016 on rad/59
    Oracle Corporation      SunOS 5.11      11.3    June 2016
    Minicluster Setup successfully configured
    Unauthorized modification of this system configuration strictly prohibited
    mcinstall@mc4-n1:/var/home/mcinstall % su root
    Password: ***************
    #
    
  2. Check the IPFilter configuration.

    Make sure that the rules in the /etc/ipf/ipf.conf file match the following screen output.

    # cat /etc/ipf/ipf.conf
    block in log on all
    block out log on ipmppub0 all
    pass in quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state
    pass out quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state
    pass in quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state
    pass out quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state
    pass in quick on ipmppub0 proto tcp from any to any port = 443 flags S keep state
    pass in quick on ipmppub0 proto tcp from any to any port = 1159 flags S keep state
    pass in quick on ipmppub0 proto tcp from any to any port = 1158 flags S keep state
    pass in quick on ipmppub0 proto tcp from any to any port 5499 >< 5550 flags S keep state
    pass in quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state
    pass out quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state
    pass out quick on ipmppub0 proto tcp from any to any port = 1522 flags S keep state
    pass out quick on ipmppub0 proto tcp from any to any port = 1523 flags S keep state
    pass in quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state
    pass out quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state
    pass out quick on ipmppub0 proto tcp/udp from any to any port = domain keep state
    pass in quick on ipmppub0 proto icmp icmp-type echo keep state
    pass out quick on ipmppub0 proto icmp icmp-type echo keep state
    pass in quick on ipmppub0 proto udp from any to any port = 123 keep state
    pass out quick on ipmppub0 proto udp from any to any port = 123 keep state
    block return-icmp in proto udp all
    
  3. Verify that all IPF services are online.

    # svcs | grep svc:/network/ipfilter:default
    online         22:13:55 svc:/network/ipfilter:default
    # ipfstat -v
    bad packets:            in 0    out 0
     IPv6 packets:          in 0 out 0
     input packets:         blocked 2767 passed 884831 nomatch 884798 counted 0 short 0
    output packets:         blocked 0 passed 596143 nomatch 595516 counted 0 short 0
     input packets logged:  blocked 0 passed 0
    output packets logged:  blocked 0 passed 0
     packets logged:        input 0 output 0
     log failures:          input 0 output 0
    fragment state(in):     kept 0  lost 0  not fragmented 0
    fragment reassembly(in):        bad v6 hdr 0     bad v6 ehdr 0  failed reassembly 0
    fragment state(out):    kept 0  lost 0  not fragmented 0
    packet state(in):       kept 0  lost 0
    packet state(out):      kept 0  lost 0
    ICMP replies:   0       TCP RSTs sent:  0
    Invalid source(in):     0
    Result cache hits(in):  0       (out):  0
    IN Pullups succeeded:   0       failed: 3462
    OUT Pullups succeeded:  0       failed: 0
    Fastroute successes:    0       failures:       0
    TCP cksum fails(in):    0       (out):  0
    IPF Ticks:      92894
    Packet log flags set: (0)
            none
    
  4. Make sure that the databases and applications can be accessed without changing the firewall rules.
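
One way to automate the comparison in step 2, as an added example that is not part of Oracle's guide: a POSIX shell function that strips comments and extra whitespace, then diffs a rules file against the listing above in order. The function names are this example's own, not Oracle tooling.

```shell
#!/bin/sh
# Added example: compare an ipf.conf with the rule listing from step 2.

baseline_rules() {   # rules copied verbatim from the step 2 listing
cat <<'EOF'
block in log on all
block out log on ipmppub0 all
pass in quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state
pass out quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state
pass in quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state
pass out quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state
pass in quick on ipmppub0 proto tcp from any to any port = 443 flags S keep state
pass in quick on ipmppub0 proto tcp from any to any port = 1159 flags S keep state
pass in quick on ipmppub0 proto tcp from any to any port = 1158 flags S keep state
pass in quick on ipmppub0 proto tcp from any to any port 5499 >< 5550 flags S keep state
pass in quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state
pass out quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state
pass out quick on ipmppub0 proto tcp from any to any port = 1522 flags S keep state
pass out quick on ipmppub0 proto tcp from any to any port = 1523 flags S keep state
pass in quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state
pass out quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state
pass out quick on ipmppub0 proto tcp/udp from any to any port = domain keep state
pass in quick on ipmppub0 proto icmp icmp-type echo keep state
pass out quick on ipmppub0 proto icmp icmp-type echo keep state
pass in quick on ipmppub0 proto udp from any to any port = 123 keep state
pass out quick on ipmppub0 proto udp from any to any port = 123 keep state
block return-icmp in proto udp all
EOF
}

normalize() {   # drop comments and blank lines, collapse runs of whitespace
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d'
}

# check_ipf_conf FILE: 0 = matches baseline, 1 = differs, 2 = unreadable.
# Compared in order, since IPFilter rule order decides which rule applies.
check_ipf_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    tmp=$(mktemp -d) || return 2
    baseline_rules | normalize > "$tmp/want"
    normalize < "$1" > "$tmp/have"
    rc=0
    diff "$tmp/want" "$tmp/have" > "$tmp/diff" || rc=1
    sed -n -e 's/^< /MISSING: /p' -e 's/^> /EXTRA: /p' "$tmp/diff"
    rm -rf "$tmp"
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_ipf_conf "$1"; fi
```

An exit status of 0 means the file matches the listing; each MISSING or EXTRA line is a deviation to investigate before moving on to step 3.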