Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: PF refreshes dropping user connections
Operating Systems Solaris PF refreshes dropping user connections Post 302934198 by LittleLebowski on Thursday 5th of February 2015 08:35:45 AM
Old 02-05-2015
PF refreshes dropping user connections
We often have to update our ipfilter rules on Solaris 11.
Code:
svcadm refresh ipfilter

drops users every time (we're logged in via the global and then a zlogin to the zone in question).

Is there any way not to drop user's connections when modifying ipfilter rules and refreshing the service?
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

strintercept dropping message on unixware

i have unixware 2.1. A warning message Strintercept dropping message start scrolling on screen. does anyone have any idea what it means? :confused: and some times system hangs with all terminals.? (2 Replies)
Discussion started by: kapilverma_udr
2 Replies

2. UNIX for Dummies Questions & Answers

Monitor Continually Refreshes

I am supporting a legacy sparc 5 running OS 4.1.4. The system was set up and my data displays correctly EXCEPT, the monitor refreshes continually. Every 30s to 3 or 4 minutes the display goes Black, refreshes and comes up with the a 5" long display bar that says "72kHz/72Hz". The process... (0 Replies)
Discussion started by: bvigg
0 Replies

3. Linux

Free Linux Memory by Dropping Caches

Linux Kernels 2.6.16 and up provide a way to instruct the kernel to drop the page cache, inode and dentry caches on command. This tip can help free Linux memory without a reboot. Note: This is a non-destructive operation. Dirty objects are not freeable, hence; you must run sync beforehand. ... (0 Replies)
Discussion started by: Neo
0 Replies

4. Red Hat

Download speed gradually dropping

RH 4.2.1.13 Hi All, I just installed RH and I am able to connect to the internet via my router. My high speed is such that I should be able to download at over 1000 kb/s. While trying to download oracle database, it is starting at above 1000kb/s and gradually droping to below 40kb/s which... (1 Reply)
Discussion started by: jxh461
1 Replies

5. Solaris

Names dropping out of /etc/aliases

We are having a problem with names being dropped from the /etc/mail/aliases file. There's no pattern to the names being dropped. It is very random. We are running sendmail 8.14.3 on a Solaris 10 server. There are about 9000 lines in the /etc/mail/aliases file. Is there a limitation on... (8 Replies)
Discussion started by: TFord
8 Replies

6. Shell Programming and Scripting

bash dropping SIGHUPs

I've written a daemon in bash, that waits for a HUP signal and then does some processing, before waiting for the next HUP. It goes something like this: trap gothup=1 HUP while :; do gothup=0 # do some processing ... # now wait for a HUP ... while ; do sleep 30 &... (4 Replies)
Discussion started by: cambridge
4 Replies

7. Emergency UNIX and Linux Support

Dropping Connection

Hi folks, We are pushing messages to an IBM MQ queue on a AIX server where our client connects to from their Windows server and pick up the message. The problem is that every now and then the connection drops and the client application cannot pick up the message. Someone has to bring up the... (1 Reply)
Discussion started by: ChicagoBlues
1 Replies

8. Red Hat

Create same file name to directory name without dropping it

Hi, Under '/home' directory, there is one file called 'maddy'.Usually there used to be directories under /home directory. # ls -alrt total 132 drwx------ 2 hcladmin sys 4096 May 30 10:54 admin drwxr-xr-x 29 root root 4096 Aug 27 03:54 .. drwx------ 2 v6admin dba ... (3 Replies)
Discussion started by: Maddy123
3 Replies

9. UNIX for Beginners Questions & Answers

Pc's dropping connection to NFS

Hi there. I have a problem with pc's dropping their mounts to a network Nas. The Nas is a Synology DiskStation, it has enough concurrent connections which I think off the top of my head is about 200 and I only need 120. So, question 1 is why will a unix box drop a mount, and 2, how can I... (2 Replies)
Discussion started by: MuntyScrunt
2 Replies

LEARN ABOUT DEBIAN

netscript

NET(8)							      System Manager's Manual							    NET(8)

NAME

       netscript - netscript network configuration command

SYNOPSIS

       netscript start|stop|reload|restart
       netscript ifup|ifdown|ifqos|ifreload <interface-name>|all
       netscript compile [ -fhq ] [ -b max-backup-level ]
       netscript ipfilter load|clear|fairq|flush|reload|save
       netscript ipfilter usebackup [ backup-number ]
       netscript ipfilter exec <function-name1>|<function-name2> [chain p1 p2 ...]
       netscript ip6filter load|clear|fairq|flush|reload|save
       netscript ip6filter usebackup [ backup-number ]
       netscript ip6filter exec <function-name1>|<function-name2> [chain p1 p2 ...]

DESCRIPTION

       This manual page documents briefly the netscript command from the netscript router/firewall network configuration package.

       This  command  is used to configure/reconfigure the interface configuration, ipchains filter setup, and ip route service ( QoS ) setup that
       are configured in netscript's configuration files.  It can manipulate individual interfaces, and reconfigure the iptables  filter  contents
       and firewall setup, or reconfigure the QoS setup.

       It  is rather incomplete as it does not describe fully the finely tuned manipulations that happen due to netscript's design which enables a
       Linux box to serve as a high availability heavy-duty mission-critcial network router or firewall.

COMPILE CONFIGURATION MODE

       The rules can be compiled and automatically loaded on boot by  setting  the  IPV4_CONFIGURE_SWITCH  switch  in network.conf(5) to the value
       of  the	function  used	to  configure  the  kernel.   Net-compile(8) creates this  function  as 'Configure'.   If  this switch is set, the
       netscript startup will run netscript-compile(8) to make sure everything is  up  to date	and  load  the	rules  from  /etc/netscript/ipfil-
       ter-defs.conf,  and the relevant  settings  in network.conf(5) which  are used to establish packet grooming and configure the built in ker-
       nel netfilter INPUT and FORWARD chains  in the  filter table. If compilation fails, the previous rule set is not replaced and  it  is  used
       instead.

       A similar mode exists for IPv6, but it is not fully implemented yet.

IPTABLES CONFIGURATION MODE

       This  configuration mode corresponds to the old method of doing it using iptables-save(8) and iptables-restore(8).  This is the default for
       operation, and occurs if the IPV4_CONFIGURE_SWITCH is not set in network.conf(5).

       This is the metoh still used by IPv6 as well.

OPTIONS

       start  Set up networking configruation by loading ipcahins filters, setting up bridge, configuring interfaces and  running  any	configured
	      lower layer protocol daemons or commands. For use from a startup script.

       stop   Shut everything down. For use from a startup script.

       reload Refresh the setup of netscript except for iptables from the configuration files in /etc/netscript

       restart|force-reload
	      Stop everthing and then start everything again. For use from a startup script.

       ifup <interface-name>|all
	      Bring interfaces(s) up by starting any protocol daemons, and configuring interfaces.

       ifdown <interface-name>|all
	      Shutdown said interface(s) by doing reverse of ifdown.

       ifqos <interface-name>|all
	      Reload QoS configuration for interface(s).

       ifreload <interface-name>|all
	      Refresh the interface setup and implement any configuration changes.

       ifreset <interface-name>|all
	      Shutdown and then restart interface(s), reloading configuration from lower layer up to the network layer.

       compile [ -fhq ] [ -b max-backup-level ]
	      Compile  the  new  definitions in /etc/netscript/ipfilter-defs directory into a new set of functions in the /etc/netscript/ipfilter-
	      defs-compiled.conf file. See the netscript-compile(8) and ipfilter-defs(5) manpages for details.

       ipfilter load|reload
	      Load/reload the IPv4 iptables filters and reconfigure the firewalling, from that saved  in  /etc/netscript/iptables  (via  iptables-
	      restore(8) ), and the QoS fair queuing setup, or by excuting the requisite configuration function from /etc/netscript/ipfilter-defs-
	      compiled.conf if using ipfilter-defs(5) mode.

       ipfilter save
	      Save the IPv4 iptables configuration to /etc/netscript/iptables via iptables-save(8) , after backing it up  to  /etc/netscript/ipta-
	      bles.1  and  cycling  the  previous  backup  files  down	through the configuration history.  This does not work if the IPv6 side of
	      netscript is operating in ipfilter-defs(5) mode.

       ipfilter usebackup [ backup-number ]
	      Restore setup from the IPv4 iptables backup configuration from /etc/netscript/iptables.n ( default 1 ) via  iptables-restore(8),	or
	      if the ipfilter-defs(5) backend is used, the requisite backup number from the /etc/netscript/ipfilter-defs.conf history files.

       ipfilter clear|flush
	      Remove  iptables	and  any  firewall  setup, and if IPV4_FWDING_KERNEL is set to FILTER_ON (see network.conf(5) ), disables all IPv4
	      packet forwarding on the router.	Very useful for debugging protocol problems on a firewall by enabling a reasonably safe  check	to
	      be made with the filtering down.

       ipfilter forward|fwd
	      Turns on the IPv4 kernel forwarding switch manually.  This is irrespective of the setting of IPV4_FWDING_KERNEL (see network.conf(5)
	      ). Use with caution as it will allow traffic through the box.

       ipfilter noforward|nofwd
	      Turns off the IPv4 kernel forwarding switch manually.   This  is	irrespective  of  the  setting	of  IPV4_FWDING_KERNEL	(see  net-
	      work.conf(5) ). Use with caution as it will cut off reachability.

       ipfilter fairq
	      Reload the IPv4 fairq chain that marks the packets for the QoS interface transmit queues.

       ip6filter load|reload
	      Load/reload the IPv6 iptables filters and reconfigure the firewalling, from that saved in /etc/netscript/ip6tables
	       (via  ip6tables-restore(8)  ),  and  the  QoS  fair  queuing  setup,  or  by  excuting  the  requisite  configuration function from
	      /etc/netscript/ipfilter-defs-compiled.conf if using ipfilter-defs(5) mode.

       ip6filter save
	      Save  the  IPv6  iptables  configuration	to  /etc/netscript/iptables   via   ip6tables-save(8)	,   after   backing   it   up	to
	      /etc/netscript/ip6tables.1  and cycling the previous backup files down through the configuration history.  This does not work if the
	      IPv6 side of netscript is operating in ipfilter-defs(5) mode.

       ip6filter usebackup [ backup-number ]
	      Restore setup from the IPv6 iptables backup configuration from /etc/netscript/ip6tables.n ( default 1 ) via ip6tables-restore(8), or
	      if the ipfilter-defs(5) backend is used, the requisite backup number from the /etc/netscript/ipfilter-defs.conf history files.

       ip6filter clear|flush
	      Remove  IPv6 iptables setup, and if IPV6_FWDING_KERNEL is set to FILTER_ON (see network.conf(5) ), disables all IPv6 packet forward-
	      ing on the router.  Very useful for debugging protocol problems on a firewall by enabling a reasonably safe check to  be	made  with
	      the filtering down.

       ip6filter forward|fwd
	      Turns on the IPv6 kernel forwarding switch manually.  This is irrespective of the setting of IPV6_FWDING_KERNEL (see network.conf(5)
	      ). Use with caution as it will allow traffic through the box.

       ip6filter noforward|nofwd
	      Turns off the IPv6 kernel forwarding switch manually.   This  is	irrespective  of  the  setting	of  IPV6_FWDING_KERNEL	(see  net-
	      work.conf(5) ). Use with caution as it will affect reachability.

       ip6filter fairq
	      Reload the IPv6 fairq chain that marks the packets for the QoS interface transmit queues.

FILES

       /etc/netscript/if.conf, /etc/netscript/ipfilter.conf,
       /etc/netscript/network.conf, /etc/netscript/qos.conf,
       /etc/netscript/ipfilter-defs.conf,
       /etc/netscript/ipfilter-defs-compiled.conf,
       /etc/netscript/ipfilter-defs directory,
       /etc/netscript/iptables, /etc/netscript/ip6tables,
       /etc/netscript/ipfilter-defs-compiled

SEE ALSO

       netscript-compile(8),  ipfilter-defs(5),  if.conf(5),  ipfilter.conf(5), network.conf(5), qos.conf(5), ip(8), tc(8), iptables(8), iptables-
       restore(8), iptables-save(8), ip6tables(8), ip6tables-restore(8), ip6tables-save(8), brcfg(8).

AUTHOR

       This manual page was written by Matthew Grant <grantma@anathoth.gen.nz>, for the Debian GNU/Linux system (but may be used by others).

BUGS

       I wrote this manpage when I was half asleep...

								 January 24, 2003							    NET(8)
All times are GMT -4. The time now is 04:18 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy