Tutti gli ambienti computazionali, comprese le zone globali, le zone kernel e le zone non globali, vengono configurate in modo automatico con firewall IPFilter. Non è necessario alcun intervento manuale.
Per verificare i componenti IPFilter in uso, effettuare le operazioni riportate di seguito.
Per le istruzioni di login Oracle ILOM, fare riferimento alla Guida all'amministrazione di Oracle MiniCluster S7-2.
% ssh mcinstall@mc4-n1 Password: *************** Last login: Tue Jun 28 10:47:38 2016 on rad/59 Oracle Corporation SunOS 5.11 11.3 June 2016 Minicluster Setup successfully configured Unauthorized modification of this system configuration strictly prohibited mcinstall@mc4-n1:/var/home/mcinstall % su root Password: *************** #
Assicurarsi che le regole contenute nel file /etc/ipf/ipf.conf corrispondano all'output della schermata riportata di seguito.
# cat /etc/ipf/ipf.conf block in log on all block out log on ipmppub0 all pass in quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 443 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 1159 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 1158 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port 5499 >< 5550 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 1522 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 1523 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state pass out quick on ipmppub0 proto tcp/udp from any to any port = domain keep state pass in quick on ipmppub0 proto icmp icmp-type echo keep state pass out quick on ipmppub0 proto icmp icmp-type echo keep state pass in quick on ipmppub0 proto udp from any to any port = 123 keep state pass out quick on ipmppub0 proto udp from any to any port = 123 keep state block return-icmp in proto udp all
# svcs | grep svc:/network/ipfilter:default
online 22:13:55 svc:/network/ipfilter:default
# ipfstat -v
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
input packets: blocked 2767 passed 884831 nomatch 884798 counted 0 short 0
output packets: blocked 0 passed 596143 nomatch 595516 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment reassembly(in): bad v6 hdr 0 bad v6 ehdr 0 failed reassembly 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 0 failed: 3462
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 92894
Packet log flags set: (0)
none