IPFilter (ipf) basic troubleshooting (Doc ID 1019189.1)

Last updated on APRIL 24, 2020

Applies to:

Solaris Operating System - Version 10 3/05 to 10 9/10 U9 [Release 10.0]
All Platforms

Goal

This reference addresses the following commonly reported problems with IPFilter:

Packet Not Being processed by IP Filter; syntax error; IPfilter failed to load; pfil startup error; ipfilter in maintenance mode

The Solaris[TM] IP Filter Firewall product is based on Open Source IP Filter Firewall and was first introduced in Solaris[TM] 10.
It uses a simple rules language and command line tools for adding rules, monitoring, logging, and getting statistics.

Packet filtering can be done by, IP address, port, protocol, network interface, traffic direction, stateful packet and TCP flags.

Besides packet filtering, IP Filter can also provide network address translation (NAT) and port address translation (PAT).

There are several points of compatibility (subject to change):

-Does not control IP forwarding; use ndd or routeadm.
-No IPv6 prior to Solaris[TM] 11/06, no IPv6 jumbograms, no NAT/PAT
-No filtering between zones prior to Solaris[TM] 08/07 and “exclusive IP”
-No Sun Cluster
-No stateful packet filtering in IPMP prior to S10 Update 3
-No IP tunnels
-No pfil module after Solaris 08/07 (/etc/ipf/pfil.ap removed)

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

IPFilter (ipf) basic troubleshooting (Doc ID 1019189.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!