Login or Register to Ask a Question and Join Our Community


Solaris

PF refreshes dropping user connections

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris PF refreshes dropping user connections
# 1  
Old 02-05-2015
PF refreshes dropping user connections
We often have to update our ipfilter rules on Solaris 11.
Code:
svcadm refresh ipfilter

drops users every time (we're logged in via the global and then a zlogin to the zone in question).

Is there any way not to drop user's connections when modifying ipfilter rules and refreshing the service?
# 2  
Old 02-05-2015
Refreshing the service will lose the dynamic kept state, closing all connections relying on "keep state" rules.

Something like the following should do the trick:
Code:
ipf -IFa && ipf -If /etc/ipf/ipf.conf && ipf -s -y

Taken from http://serverfault.com/questions/638739/refresh-ipfilter-configuration-while-keeping-state , but forum doesn't let me post clickable urls yet.


RBATTE1 adding link:- solaris - Refresh ipfilter configuration while keeping state - Server Fault
Last edited by rbatte1; 02-05-2015 at 12:02 PM.. Reason: Added CODE tags & added URL
# 3  
Old 02-05-2015
I found the same page and intend to try that approach. Will report back after testing.

---------- Post updated at 02:10 PM ---------- Previous update was at 10:41 AM ----------

Quote:
Originally Posted by Walter Misar
Refreshing the service will lose the dynamic kept state, closing all connections relying on "keep state" rules.

Something like the following should do the trick:
Code:
ipf -IFa && ipf -If /etc/ipf/ipf.conf && ipf -s -y

Taken from http://serverfault.com/questions/638739/refresh-ipfilter-configuration-while-keeping-state , but forum doesn't let me post clickable urls yet.


RBATTE1 adding link:- solaris - Refresh ipfilter configuration while keeping state - Server Fault
This worked perfectly. We tested it carefully.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Pc's dropping connection to NFS

Hi there. I have a problem with pc's dropping their mounts to a network Nas. The Nas is a Synology DiskStation, it has enough concurrent connections which I think off the top of my head is about 200 and I only need 120. So, question 1 is why will a unix box drop a mount, and 2, how can I... (2 Replies)
Discussion started by: MuntyScrunt
2 Replies

2. Red Hat

Create same file name to directory name without dropping it

Hi, Under '/home' directory, there is one file called 'maddy'.Usually there used to be directories under /home directory. # ls -alrt total 132 drwx------ 2 hcladmin sys 4096 May 30 10:54 admin drwxr-xr-x 29 root root 4096 Aug 27 03:54 .. drwx------ 2 v6admin dba ... (3 Replies)
Discussion started by: Maddy123
3 Replies

3. Emergency UNIX and Linux Support

Dropping Connection

Hi folks, We are pushing messages to an IBM MQ queue on a AIX server where our client connects to from their Windows server and pick up the message. The problem is that every now and then the connection drops and the client application cannot pick up the message. Someone has to bring up the... (1 Reply)
Discussion started by: ChicagoBlues
1 Replies

4. Shell Programming and Scripting

bash dropping SIGHUPs

I've written a daemon in bash, that waits for a HUP signal and then does some processing, before waiting for the next HUP. It goes something like this: trap gothup=1 HUP while :; do gothup=0 # do some processing ... # now wait for a HUP ... while ; do sleep 30 &... (4 Replies)
Discussion started by: cambridge
4 Replies

5. Solaris

Names dropping out of /etc/aliases

We are having a problem with names being dropped from the /etc/mail/aliases file. There's no pattern to the names being dropped. It is very random. We are running sendmail 8.14.3 on a Solaris 10 server. There are about 9000 lines in the /etc/mail/aliases file. Is there a limitation on... (8 Replies)
Discussion started by: TFord
8 Replies

6. Red Hat

Download speed gradually dropping

RH 4.2.1.13 Hi All, I just installed RH and I am able to connect to the internet via my router. My high speed is such that I should be able to download at over 1000 kb/s. While trying to download oracle database, it is starting at above 1000kb/s and gradually droping to below 40kb/s which... (1 Reply)
Discussion started by: jxh461
1 Replies

7. Linux

Free Linux Memory by Dropping Caches

Linux Kernels 2.6.16 and up provide a way to instruct the kernel to drop the page cache, inode and dentry caches on command. This tip can help free Linux memory without a reboot. Note: This is a non-destructive operation. Dirty objects are not freeable, hence; you must run sync beforehand. ... (0 Replies)
Discussion started by: Neo
0 Replies

8. UNIX for Dummies Questions & Answers

Monitor Continually Refreshes

I am supporting a legacy sparc 5 running OS 4.1.4. The system was set up and my data displays correctly EXCEPT, the monitor refreshes continually. Every 30s to 3 or 4 minutes the display goes Black, refreshes and comes up with the a 5" long display bar that says "72kHz/72Hz". The process... (0 Replies)
Discussion started by: bvigg
0 Replies

9. UNIX for Advanced & Expert Users

strintercept dropping message on unixware

i have unixware 2.1. A warning message Strintercept dropping message start scrolling on screen. does anyone have any idea what it means? :confused: and some times system hangs with all terminals.? (2 Replies)
Discussion started by: kapilverma_udr
2 Replies
Login or Register to Ask a Question