所有運算環境 (包括全域區域、核心區域和非全域區域) 都會自動設定 IPFilter 防火牆。不需要手動作業。
若要確認 IPFilters 使用中,請執行下列步驟。
如需 Oracle ILOM 登入指示,請參閱「Oracle MiniCluster S7-2 Administration Guide」。
% ssh mcinstall@mc4-n1 Password: *************** Last login: Tue Jun 28 10:47:38 2016 on rad/59 Oracle Corporation SunOS 5.11 11.3 June 2016 Minicluster Setup successfully configured Unauthorized modification of this system configuration strictly prohibited mcinstall@mc4-n1:/var/home/mcinstall % su root Password: *************** #
確定 /etc/ipf/ipf.conf 檔案中的規則符合下列畫面輸出。
# cat /etc/ipf/ipf.conf block in log on all block out log on ipmppub0 all pass in quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 22 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 111 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 443 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 1159 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 1158 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port 5499 >< 5550 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 4900 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 1522 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 1523 flags S keep state pass in quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state pass out quick on ipmppub0 proto tcp from any to any port = 2049 flags S keep state pass out quick on ipmppub0 proto tcp/udp from any to any port = domain keep state pass in quick on ipmppub0 proto icmp icmp-type echo keep state pass out quick on ipmppub0 proto icmp icmp-type echo keep state pass in quick on ipmppub0 proto udp from any to any port = 123 keep state pass out quick on ipmppub0 proto udp from any to any port = 123 keep state block return-icmp in proto udp all
# svcs | grep svc:/network/ipfilter:default
online 22:13:55 svc:/network/ipfilter:default
# ipfstat -v
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
input packets: blocked 2767 passed 884831 nomatch 884798 counted 0 short 0
output packets: blocked 0 passed 596143 nomatch 595516 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment reassembly(in): bad v6 hdr 0 bad v6 ehdr 0 failed reassembly 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 0 failed: 3462
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 92894
Packet log flags set: (0)
none