Last updated on AUGUST 17, 2016
Applies to:Solaris Operating System - Version 10 3/05 to 10 9/10 U9 [Release 10.0]
This reference addresses the following commonly reported problems with IPFilter:
Packet Not Being processed by IP Filter; syntax error; IPfilter failed to load; pfil startup error; ipfilter in maintenance mode
The Solaris[TM] IP Filter Firewall product is based on Open Source IP Filter Firewall and was first introduced in Solaris[TM] 10.
It uses a simple rules language and command line tools for adding rules, monitoring, logging, and getting statistics.
Packet filtering can be done by, IP address, port, protocol, network interface, traffic direction, stateful packet and TCP flags.
Besides packet filtering, IP Filter can also provide network address translation (NAT) and port address translation (PAT).
There are several points of compatibility (subject to change):
-Does not control IP forwarding; use ndd or routeadm.
-No IPv6 prior to Solaris[TM] 11/06, no IPv6 jumbograms, no NAT/PAT
-No filtering between zones prior to Solaris[TM] 08/07 and “exclusive IP”
-No Sun Cluster
-No stateful packet filtering in IPMP prior to S10 Update 3
-No IP tunnels
-No pfil module after Solaris 08/07 (/etc/ipf/pfil.ap removed)
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms