IPFilter service fails to start - error 'protocol unknown error at "all"' (Doc ID 1937262.1)

Last updated on OCTOBER 22, 2014

Applies to:

Solaris SPARC Operating System - Version 10 1/13 U11 and later
Information in this document applies to any platform.

Symptoms

The IPFilter service (svc:/network/ipfilter:default) can go into the maintenance state (SMF) when it is started or restarted, and the following error can be seen in the SMF log file (/var/svc/log/network-ipfilter:default.log):

protocol unknown error at "all", line <NUM>

This can happen with rules in /etc/ipf/ipf.conf that use "proto <PROTOCOL>", for example:

...
pass in quick on bge0 proto tcp from any to 191.168.1.1 port = 2222 keep state
...

Other symptoms: you may be unable to update the rule set, flush the rule set, or restart the service without the error appearing in the SMF log file. A reboot clears the issue, though.

Changes

The underlying problem is that IPFilter cannot resolve the proto field through the configured name service. To test, use:

# getent protocols tcp

or whichever protocol is being looked up, as indicated by the line number in the error message above.
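The same lookup can be run for every protocol name in a rule file at once. The script below is an added example, not part of the original article: the function names and the RESOLVER variable are assumptions of this sketch, and the embedded sample rules are constructed apart from the one quoted above.

```shell
#!/bin/sh
# Added example (not from the original article).
# Resolver command: the article's test is "getent protocols <name>".
# RESOLVER is an assumption of this sketch so the lookup can be swapped out.
RESOLVER=${RESOLVER:-"getent protocols"}

# Constructed sample rules; line 2 is the rule quoted in the article.
sample_rules() {
    cat <<'EOF'
# constructed sample ipf.conf
pass in quick on bge0 proto tcp from any to 191.168.1.1 port = 2222 keep state
pass in quick on bge0 proto tcp/udp from any to any port = 53 keep state
block in log on bge0 proto 47 from any to any
block in quick on bge0 all   # proto mentioned only in a comment
EOF
}

# Print "<line> <name>" for each protocol name that follows "proto".
# Reads the named file, or stdin when no file is given.
list_protos() {
    awk '{
        sub(/#.*/, "")                          # drop comments
        for (i = 1; i < NF; i++)
            if ($i == "proto") {
                n = split($(i + 1), p, "/")     # "tcp/udp" names two protocols
                for (j = 1; j <= n; j++)        # numeric protocols need no lookup
                    if (p[j] !~ /^[0-9]+$/) print NR, p[j]
            }
    }' "$@"
}

# Report every name the resolver cannot look up; return 1 if any failed.
check_protos() {
    bad=$(list_protos "$@" | while read -r line proto; do
        $RESOLVER "$proto" >/dev/null 2>&1 </dev/null ||
            echo "line $line: cannot resolve protocol \"$proto\""
    done)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
}

if [ "$#" -gt 0 ]; then
    check_protos "$1"          # e.g. /etc/ipf/ipf.conf
else
    sample_rules | check_protos || :
fi
```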
 

Cause
