Alle Computing-Umgebungen, einschließlich der globalen Zonen, Kernel-Zonen und nicht-globalen Zonen werden automatisch mit IPFilter-Firewalls konfiguriert. Ein Handbuch ist nicht erforderlich.
Führen Sie die folgenden Schritte aus, um die verwendeten IPFilter zu prüfen.
Anweisungen zur Anmeldung bei Oracle ILOM finden Sie im Oracle MiniCluster S7-2 - Administrationshandbuch.
% ssh mcinstall@mc4-n1 Password: *************** Last login: Tue Jun 28 10:47:38 2016 on rad/59 Oracle Corporation SunOS 5.11 11.3 June 2016 Minicluster Setup successfully configured Unauthorized modification of this system configuration strictly prohibited mcinstall@mc4-n1:/var/home/mcinstall % su root Password: *************** #
Stellen Sie sicher, dass die Regeln in der Datei /etc/ipf/ipf.conf mit der folgenden Bildschirmausgabe übereinstimmen.
# cat /etc/ipf/ipf.conf block in log on all block out log on ipmppub0 all pass in quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 443 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 1159 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 1158 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port 5499 >< 5550 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 1522 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 1523 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state pass out quick on ipmppub0 proto tcp/udp from any to any port = domain keep state pass in quick on ipmppub0 proto icmp icmp-type echo keep state pass out quick on ipmppub0 proto icmp icmp-type echo keep state pass in quick on ipmppub0 proto udp from any to any port = 123 keep state pass out quick on ipmppub0 proto udp from any to any port = 123 keep state block return-icmp in proto udp all
# svcs | grep svc:/network/ipfilter:default
online 22:13:55 svc:/network/ipfilter:default
# ipfstat -v
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
input packets: blocked 2767 passed 884831 nomatch 884798 counted 0 short 0
output packets: blocked 0 passed 596143 nomatch 595516 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment reassembly(in): bad v6 hdr 0 bad v6 ehdr 0 failed reassembly 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 0 failed: 3462
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 92894
Packet log flags set: (0)
none