IPFilter service fails to start - error "protocol unknown error at "all"
Last updated on OCTOBER 22, 2014
Applies to:Solaris SPARC Operating System - Version 10 1/13 U11 and later
Information in this document applies to any platform.
The IPFilter service (svc:/network/ipfilter:default) can start or be restart in a maintenance state (SMF) and the following error can be seen in the SMF log file (/var/svc/log/network-ipfilter:default.log) :
protocol unknown error at "all", line <NUM>
This can happen with rules in /etc/ipf/ipf.conf that use "proto <PROTOCOL>" e.g.
pass in quick on bge0 proto tcp from any to 126.96.36.199 port = 2222 keep state
Other symptoms may be you will not be able an update the rule set, flush the rule set, or restart the service without the error appearing in the SMF log file.Reboot clears the issue though.
The underling problem is that IPFilter can not resolve the proto field through the configure name service. To test use:
# getent protocols tcp
or whichever protocol you are looking up indicated by the line number in the error message above.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms