04-20-2010
8 More Discussions You Might Find Interesting
1. Solaris
The problem:
I installed the Solaris 8 recommended patch cluster 117350-11 over 108528-15 before the Christmas break. The server is a SunFire V100. Here is the situation:
Before the patch install, there was a working cron job that did daily, weekly, and monthly backups of the V100 filesystems... (3 Replies)
Discussion started by: antalexi
3 Replies
2. IP Networking
Hello friends I'm running Redhat 9.0 with linux kernel 2.4.20-8 & have iptables version 1.2.7a & encountering a problem that I narrate down.
I need to apply patch to my iptable and netfilter for connection tracking and load balancing that are available in patch-o-matic distribution by netfilter.... (0 Replies)
Discussion started by: Rakesh Ranjan
0 Replies
3. Solaris
Hello,
As explained, I've encountered an issue while installing Solaris 10 SPARC Recommended Patch Cluster (2009.10.23).
Actually, patch no 120011-14 stops with the following error:
ERROR: attribute verification of </var/run/.patchSafeMode/root/usr/bin/passwd> failed
file type <f>... (6 Replies)
Discussion started by: a.mauger
6 Replies
4. Solaris
Hi there,
Apologies if this question has been asked and answered already but I've not been able to find the thread.
Question: Is it possible to apply the Solaris 10 Recommended Patch Cluster to a whole root (non-global) zone locally? I.E. apply the patch cluster from the non-global in... (3 Replies)
Discussion started by: nm146332
3 Replies
5. Solaris
I'm trying to setup our jumpstart server to automatically apply the latest patch cluster during installs, but I'm running into an issue. Every time Jumpstart runs it has this error. Obviously it's processing the patch_order file, so I'm not sure what I'm missing.
... (0 Replies)
Discussion started by: christr
0 Replies
6. Solaris
I have a question regarding installing recommended patch clusters via ZFS snapshots. Someone wrote a pretty good blog about it here:
Initial Program Load: Live Upgrade to install the recommended patch cluster on a ZFS snapshot
The person's article is similar to what I've done in the past. ... (0 Replies)
Discussion started by: christr
0 Replies
7. Solaris
Hello
I recently downloaded and installed the latest patchset for Solaris 10 (update 5) running on SPARC.
Actually I am new to Solaris (I come from Red Hat) and the security department asked me to update the system for security fixes.
I logged in to Oracle support and used the recommended patch... (3 Replies)
Discussion started by: abohmeed
3 Replies
8. Solaris
Dear All,
Has Oracle stopped updating Solaris 10 recommended patch cluster ? From suport.oracle.com i could see the last patch bundle was released on 11th july and there has been no updates after that.
Does anyone know about any official announcement from oracle on this ?
Thanks ... (1 Reply)
Discussion started by: abhi_8029
1 Replies
LEARN ABOUT DEBIAN
shorewall6-nesting
SHOREWALL6-NESTING(5) [FIXME: manual] SHOREWALL6-NESTING(5)
NAME
nesting - shorewall6 Nested Zones
SYNOPSIS
child-zone[:parent-zone[,parent-zone]...]
DESCRIPTION
In shorewall6-zones[1](5), a zone may be declared to be a sub-zone of one or more other zones using the above syntax. The child-zone may be
neither the firewall zone nor a vserver zone. The firewall zone may not appear as a parent zone, although all vserver zones are handled as
sub-zones of the firewall zone.
Where zones are nested, the CONTINUE policy in shorewall6-policy[2](5) allows hosts that are within multiple zones to be managed under the
rules of all of these zones.
EXAMPLE
/etc/shorewall6/zones:
#ZONE TYPE OPTION
fw firewall
net ipv6
sam:net ipv6
loc ipv6
/etc/shorewall6/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
- eth0 detect blacklist
loc eth1 detect
/etc/shorewall6/hosts:
#ZONE HOST(S) OPTIONS
net eth0:[::]
sam eth0:[2001:19f0:feee::dead:beef:cafe]
/etc/shorewall6/policy:
#SOURCE DEST POLICY LOG LEVEL
loc net ACCEPT
sam all CONTINUE
net all DROP info
all all REJECT info
The second entry above says that when Sam is the client, connection requests should first be processed under rules where the source zone is
sam and if there is no match then the connection request should be treated under rules where the source zone is net. It is important that
this policy be listed BEFORE the next policy (net to all). You can have this policy generated for you automatically by using the
IMPLICIT_CONTINUE option in shorewall6.conf[3](5).
Partial /etc/shorewall6/rules:
#ACTION SOURCE DEST PROTO DEST PORT(S)
...
ACCEPT sam loc:2001:19f0:feee::3 tcp ssh
ACCEPT net loc:2001:19f0:feee::5 tcp www
...
Given these two rules, Sam can connect with ssh to 2001:19f0:feee::3. Like all hosts in the net zone, Sam can connect to TCP port 80 on
2001:19f0:feee::5. The order of the rules is not significant.
FILES
/etc/shorewall6/zones
/etc/shorewall6/interfaces
/etc/shorewall6/hosts
/etc/shorewall6/policy
/etc/shorewall6/rules
SEE ALSO
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)
NOTES
1. shorewall6-zones
http://www.shorewall.net/manpages6/shorewall-zones.html
2. shorewall6-policy
http://www.shorewall.net/manpages6/shorewall6-policy.html
3. shorewall6.conf
http://www.shorewall.net/manpages6/shorewall6.conf.html
[FIXME: source] 06/28/2012 SHOREWALL6-NESTING(5)