05-11-2018
Thank you for this, quite useful to me as well.
8 More Discussions You Might Find Interesting
1. HP-UX
how can I create a rule that will allow my machine to FTP to itself, but not allow other machines to FTP to it.. I know this sounds weird but this how they want it so they can test some application functionality that uses ftp. (2 Replies)
Discussion started by: csaunders
2 Replies
2. Solaris
Hello,
| am trying to setup ipfilter on solaris express snv_91 but I don't seem to have the following file available.
/etc/ipf/pfil.ap
Is this an older way of configuring the interface?, I have all the packages installed.
Thanks, (1 Reply)
Discussion started by: Actuator
1 Replies
3. Cybersecurity
Dears,
i am a new user for using ipfilter in solaris 10
and i have some question about this:
by using ipfilter
for example
1- i want specific MAC address able to access hotmail only
2- also i want to make 10MB for this MAC address is a max download per day
3- i am asking about using MAC... (0 Replies)
Discussion started by: coxmanchester
0 Replies
4. Solaris
Hello everyone. I have a problem with ipfilter, you must create a rule to redirect traffic from the external network to internal server on port 443. New Rule:
rdr e1000g0 from xx.xx.xx.69/32 port 443 -> 192.168.10.5 port 443 tcp,
use ipnat -CF -f /etc/ipnat.conf, and ipf send me from error:... (0 Replies)
Discussion started by: kadavr
0 Replies
5. Solaris
Hi everybody,
I'm running on Solaris 10 X86 (update 1009).
I would like to make NAT's rule. I explain you.
On Solaris, I configure the principal interface e1000g0 with IP : 192.168.0.33
I created the first logical interface like that :
ifconfig e1000g0 addif 192.168.0.40 netmask... (0 Replies)
Discussion started by: aureliensm
0 Replies
6. Solaris
For some reason ipfilter is blocking inbound fragmented ip packets (the packets are larger than the interface's MTU) that are encapsulating UDP segments. The connection works, so I know ipfilter is letting some traffic through, it is just a lot slower than it should be.
Rules that allow the... (3 Replies)
Discussion started by: ilikecows
3 Replies
7. Solaris
Howdy
My goal is to block locally the applications on a Solaris 10 server to access specific port on a remote machine. All attempts to access the <remote ip>:<remote port> should be rejected with ICMP port unreachable or with TCP RST.
I tried with the following:
block... (2 Replies)
Discussion started by: ralome
2 Replies
8. Solaris
I recently have become curious with Illumos distributions, at the present time, OmniOS. One thing I've come to expect is being able to simply type "man ls" for example to figure out how to use system tools. However, running man on OmniOS has provided nothing, nor does it seem to be available
... (4 Replies)
Discussion started by: stratacast1
4 Replies
LEARN ABOUT DEBIAN
ipfilter.conf
NETSCRIPT-2.2.conf(5) File Formats Manual NETSCRIPT-2.2.conf(5)
NAME
/etc/netscript/network.conf - interface, firewalling, and QoS configuration file.
/etc/netscript/if.conf - interface setup shell script file
/etc/netscript/qos.conf - QoS setup shell script file
/etc/netscript/ipfilter.conf - IP chains filtering shell script file
/etc/netscript/srvfilter.conf - server IP filter shell script file
DESCRIPTION
This manpage is a place holder until something better is written when the netscript itself has stopped changing rapidly.
Please see the README file in the /etc/netscript directory, and READ the configuration files if you need to change them. Apart from net-
work.conf, all of them contain sh (1) shell script functions which are there so that various things can be altered or hooked in at the
right place. Network.conf contains the full network setup details, including special interface setup for the likes of ciped/pppd/wanconfig,
and is fully commented with examples given.
UPGRADE PATH FROM KERNEL 2.2.X
The firewall/IP filtering stuff in ipfilter.conf is the part that changed radically with the move to iptables and a far better way of set-
ting up the IP filtering rules, however the QoS and interface startup/shutdown in if.conf have changed but are backwards compatible with
the old 2.2.x ipchains version of netscript for the interface address configuration settings. You will have to set up the filtering again
to use iptables by directly using the iptables commands.
Also, the kernel 2.2.x version scripts are set up so that iptables is only run on a 2.4.x kernel, otherwise IP forwarding is disabled if
beforehand you set IPFWDING_KERNEL to FILTER_ON in network.conf.
This means that when you upgrade a box to a 2.4.x router kernel, you should then be able to reboot it and log into remotely and upgrade
netscript to the version that will support 2.4.x. In this situation, if you have set old IPFWDING_KERNEL setting to FILTER_ON beforehand
in network.conf, all IP forwarding through the box will also be disabled. This means that you can safely remotely upgrade a firewall.
SEE ALSO
netscript(8), ipchains(8), iproute(8), brcfg(8).
AUTHOR
This manual page was written by Matthew Grant <grantma@anathoth.gen.nz>, for the Debian GNU/Linux system (but may be used by others).
BUGS
The author is lazy. He needs to write btter man pages...
November 23, 2000 NETSCRIPT-2.2.conf(5)