Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: how to turn on or off FIREWALL in solaris 10
Operating Systems Solaris how to turn on or off FIREWALL in solaris 10 Post 302607341 by jim mcnamara on Wednesday 14th of March 2012 07:40:06 AM
Old 03-14-2012
Code:
ipfstat -io

shows if ipf is running or not.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Solaris Firewall

Can anyone suggest me a personal firewall for my Solaris machines I would like to go for open source not a commercial package DP (1 Reply)
Discussion started by: DPAI
1 Replies

2. IP Networking

Raptor Firewall on Solaris 7.0.4

I installed Raptor FW on Solaris 7.0.4. Platform is SUN V210 with at least four ethernet interfaces. For security, normally, we turned off routing on a Unix box (which by default is ON, right?). But if it is a firewall, i'd think you'd want the SUN to route. We aren't getting packets delivered... (1 Reply)
Discussion started by: ireeneek
1 Replies

3. SuSE

RH8.0 firewall WILL NOT turn off

I have been trying to disable the firewall on a new install of RH8(Psyche). It will NOT stay disabled. I've gone thru system tools, security level and disabled it, and it says YES, like it will save my settings, but when i open it up again, it is always back to HIGH. I also tried using the... (3 Replies)
Discussion started by: kymberm
3 Replies

4. Linux

Turn off firewall in RH8.0

I'm attempting to turn off the firewall (yes, we are in a secure network, as much as that means nowadays), not open to the internet, however, I can't get the firewall to turn off, it won't allow users to ftp to it, or use a terminal emulator to log in, or telnet. And whenever I try to disable the... (2 Replies)
Discussion started by: kymberm
2 Replies

5. Solaris

Solaris firewall?

Hi, I just recently managed to install solaris. And just today I was finally able to get it to go online, by default it wouldn't let me go online. Anyway, I was wondering where one can buy a good UNIX firewall software along the lines of Sygate or MaAffee? Do they even sell firewalls for Unix? ... (1 Reply)
Discussion started by: Lightworker1
1 Replies

6. Solaris

How to turn on Audit trial for Solaris 8

Hi, Anyone know how to turn on Solaris 8 audt trial Thank (2 Replies)
Discussion started by: civic2005
2 Replies

7. Programming

Firewall development for Solaris

I want to develop a firewall for solaris 10. I search a lot for APIs for developing firewall But there is no helping material for it. Please tell me which APIs,Book,Tutorial I should study. Also tell me links which having details how to develop firewall for Solaris. (3 Replies)
Discussion started by: mansoorulhaq
3 Replies

8. Solaris

solaris 8 firewall

hi all, how do i verify if my solaris 8 server have firewall installed on the os? thanks in advance. (3 Replies)
Discussion started by: itik
3 Replies

9. Solaris

solaris turn off multipath mpxio

Im not able to turn the multipath off on the solaris s10 X86...since im on FC boot.. if i disable multipath , from /kernel/drv/iscsi.conf then im not able to boot the machine.:wall: Is there any other go or any suggestions . (2 Replies)
Discussion started by: gowtham.varma
2 Replies

10. Solaris

Solaris 10 8/11 As a firewall

I have a Sunfire V120 that I have Solaris 10 8/11 installed on. The two interfaces are eri0 and eri1. Eri0 is my internal 192.168.0.1 Eri1 is my external 66.160.210.209 Router ip 66.160.210.209 I have enabled routing with routeadm and I have Solaris Native DHCP installed and... (4 Replies)
Discussion started by: jlouki01
4 Replies

LEARN ABOUT XFREE86

ipf

ipf(1M) 																   ipf(1M)

NAME

       ipf - alter packet filtering lists for IP packet input and output

SYNOPSIS

       ipf [-AdDEInoPrsvVyzZ] [-l  block | pass | nomatch] [-T optionlist] [-F	i | o | a | s | S] -f filename [-f  filename...]

       The ipf utility opens the filenames listed (treating a hyphen (-) as stdin) and parses the file for a set of rules which are to be added or
       removed from the packet filter rule set.

       If there are no parsing problems, each rule processed by ipf is added to the kernel's internal lists. Rules are added to  the  end  of  the
       internal lists, matching the order in which they appear when given to ipf.

       ipf's use is restricted through access to /dev/ipauth, /dev/ipl, and /dev/ipstate. The default permissions of these files require ipf to be
       run as root for all operations.

       The following options are supported:

       -A

	   Set the list to make changes to the active list (default).

       -d

	   Turn debug mode on. Causes a hex dump of filter rules to be generated as it processes each one.

       -D

	   Disable the filter (if enabled). Not effective for loadable kernel versions.

       -E

	   Enable the filter (if disabled). Not effective for loadable kernel versions.

       -F i | o | a

	   Specifies which filter list to flush. The parameter should either be i (input), o (output) or a (remove all filter  rules).	 Either  a
	   single  letter  or  an entire word starting with the appropriate letter can be used. This option can be before or after any other, with
	   the order on the command line determining that used to execute options.

       -F s | S

	   To flush entries from the state table, use the -F option in conjuction with either s (removes state	information  about  any  non-fully
	   established connections) or S (deletes the entire state table). You can specify only one of these two options. A fully established con-
	   nection will show up in ipfstat -s output as 4/4, with deviations either way indicating the connection is not fully established.

       -f filename

	   Specifies which files ipf should use to get input from for modifying the packet filter rule lists.

       -I

	   Set the list to make changes to the inactive list.

       -l pass | block | nomatch

	   Toggles default logging of packets. Valid arguments to this option are pass, block and nomatch. When an option is set, any packet which
	   exits filtering and matches the set category is logged. This is most useful for causing all packets that do not match any of the loaded
	   rules to be logged.

       -n

	   Prevents ipf from making any ioctl calls or doing anything which would alter the currently running kernel.

       -o

	   Force rules by default to be added/deleted to/from the output list, rather than the (default) input list.

       -P

	   Add rules as temporary entries in the authentication rule table.

       -r

	   Remove matching filter rules rather than add them to the internal lists.

       -s

	   Swap the currently active filter list to be an alternative list.

       -T optionlist

	   Allows run-time changing of IPFilter kernel variables. To allow for changing, some variables require IPFilter to be in a disabled state
	   (-D), others do not. The optionlist parameter is a comma-separated list of tuning commands. A tuning command is one of the following:

	   list

	       Retrieve a list of all variables in the kernel, their maximum, minimum, and current value.

	   single variable name

	       Retrieve its current value.

	   variable name with a following assignment

	       To set a new value.

	   Examples follow:

	   # Print out all IPFilter kernel tunable parameters
	   ipf -T list

	   # Display the current TCP idle timeout and then set it to 3600
	   ipf -D -T fr_tcpidletimeout,fr_tcpidletimeout=3600 -E

	   # Display current values for fr_pass and fr_chksrc, then set
	   # fr_chksrc to 1.
	   ipf -T fr_pass,fr_chksrc,fr_chksrc=1

       -v

	   Turn verbose mode on. Displays information relating to rule processing.

       -V

	   Show  version  information. This will display the version information compiled into the ipf binary and retrieve it from the kernel code
	   (if running or present). If it is present in the kernel, information about its current state will be displayed;  for  example,  whether
	   logging is active, default filtering, and so forth).

       -y

	   Manually resync the in-kernel interface list maintained by IP Filter with the current interface status list.

       -z

	   For each rule in the input file, reset the statistics for it to zero and display the statistics prior to them being zeroed.

       -Z

	   Zero global statistics held in the kernel for filtering only. This does not affect fragment or state statistics.

       /dev/ipauth
       /dev/ipl
       /dev/ipstate

	   Links to IP Filter pseudo devices.

       /etc/ipf/ipf.conf

	   Location of ipf startup configuration file.

       /usr/share/ipfilter/examples/

	   Contains numerous IP Filter examples.

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWipfu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

       ipfstat(1M), ipmon(1M), ipnat(1M), ipf(4), attributes(5)

       Needs to be run as root for the packet filtering lists to actually be affected inside the kernel.

       To  view license terms, attribution, and copyright for IP Filter, the default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris operat-
       ing environment has been installed anywhere other than the default, modify the given path to access the file at the installed location.

								    25 Jul 2005 							   ipf(1M)
All times are GMT -4. The time now is 07:57 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy