ipf.conf question


 
# 1  
Old 03-31-2009

OK, I am running Solaris 10.

I made some changes to my ipf.conf file and issued the command:
ipf -Fa -f /etc/ipf/ipf.conf
to flush out the old and bring in the new changes.

When I ran ipfstat -ioh to verify it had brought in the new rule set I saw something I wasn't expecting to see.

I had entries in the ipf.conf file like this (NOTE: I partially replaced the actual IPs with #'s to protect the server info):

pass in quick on eri0 proto tcp from ##.##.###.10 to ##.##.###.33 port = 8080 keep state

When I ran the ipfstat command I got this:

pass in quick on eri0 proto tcp from ##.##.###.10/32 to ##.##.###.33/32 port = 8080 keep state

So my question is, and I apologize if it is a stupid question, this is still all a bit new to me, but what is the /32 part it added to my IPs?
# 2  
Old 03-31-2009
/32 means 'this IP and only this IP'. CIDR notation and subnetting explain the guts of it.
# 3  
Old 03-31-2009
Code:
32 = X-network-bits + Y-host-bits
Addresses = 2 ^ Y-host-bits
--------------------------------------------------------------
CIDR        Total number    Network             Description:
Notation:   of addresses:   Mask:
--------------------------------------------------------------
/0          4,294,967,296   0.0.0.0             Every Address
/1          2,147,483,648   128.0.0.0           128 /8 nets
/2          1,073,741,824   192.0.0.0           64 /8 nets
/3          536,870,912     224.0.0.0           32 /8 nets
/4          268,435,456     240.0.0.0           16 /8 nets
/5          134,217,728     248.0.0.0           8 /8 nets
/6          67,108,864      252.0.0.0           4 /8 nets
/7          33,554,432      254.0.0.0           2 /8 nets
/8          16,777,214      255.0.0.0           1 /8 net
--------------------------------------------------------------
/9          8,388,608       255.128.0.0         128 /16 nets
/10         4,194,304       255.192.0.0         64 /16 nets
/11         2,097,152       255.224.0.0         32 /16 nets
/12         1,048,576       255.240.0.0         16 /16 nets
/13         524,288         255.248.0.0         8 /16 nets
/14         262,144         255.252.0.0         4 /16 nets
/15         131,072         255.254.0.0         2 /16 nets
/16         65,536          255.255.0.0         1 /16
--------------------------------------------------------------
/17         32,768          255.255.128.0       128 /24 nets
/18         16,384          255.255.192.0       64 /24 nets
/19         8,192           255.255.224.0       32 /24 nets
/20         4,096           255.255.240.0       16 /24 nets
/21         2,048           255.255.248.0       8 /24 nets
/22         1,024           255.255.252.0       4 /24 nets
/23         512             255.255.254.0       2 /24 nets
/24         256             255.255.255.0       1 /24
--------------------------------------------------------------
/25         128             255.255.255.128     Half of a /24
/26         64              255.255.255.192     Fourth of a /24
/27         32              255.255.255.224     Eighth of a /24
/28         16              255.255.255.240     1/16th of a /24
/29         8               255.255.255.248     5 Usable addresses
/30         4               255.255.255.252     1 Usable address
/31         2               255.255.255.254     Unusable
/32         1               255.255.255.255     Single host
--------------------------------------------------------------

Reference:

A chart describing CIDR subnets


See also, Wikipedia on CIDR.
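The /32 expansion and the address-count formula from the replies above, as an added example that is not part of the original thread: it makes the implied /32 on bare host operands explicit and lists pass rules whose source covers more than one address. The sample rules and the names `normalize`, `expand_rule` and `audit` are assumptions made for this illustration, and the addresses are documentation ranges.

```python
import ipaddress
import re

# Constructed sample rules using documentation address ranges (not from the thread).
SAMPLE_RULES = """\
pass in quick on eri0 proto tcp from 192.0.2.10 to 192.0.2.33 port = 8080 keep state
pass in quick on eri0 proto tcp from 198.51.100.0/24 to 192.0.2.33/32 port = 22 keep state
pass in quick on eri0 proto tcp from any to 192.0.2.33 port = 443 keep state
block in log on eri0 from any to any
"""

# Matches the operand that follows the "from" or "to" keyword in a rule.
OPERAND = re.compile(r"\b(from|to)\s+(\S+)")


def normalize(operand):
    """Return (cidr, address_count) for one from/to operand."""
    if operand == "any":
        return "any", 2 ** 32
    # A bare host address parses as a /32 network: 0 host bits, 2**0 = 1 address.
    net = ipaddress.ip_network(operand)
    return net.with_prefixlen, net.num_addresses


def expand_rule(rule):
    """Make the implied /32 on bare host operands explicit."""
    return OPERAND.sub(lambda m: f"{m.group(1)} {normalize(m.group(2))[0]}", rule)


def audit(rules, max_source_addrs=1):
    """List (source_cidr, count) for pass rules whose source exceeds the limit."""
    findings = []
    for rule in rules.splitlines():
        operands = dict(OPERAND.findall(rule))
        if not rule.startswith("pass") or "from" not in operands:
            continue
        cidr, count = normalize(operands["from"])
        if count > max_source_addrs:
            findings.append((cidr, count))
    return findings


if __name__ == "__main__":
    for line in SAMPLE_RULES.splitlines():
        print(expand_rule(line))
    for cidr, count in audit(SAMPLE_RULES):
        print(f"broad source: {cidr} covers {count:,} addresses")
```

Raising `max_source_addrs` (for example to 256) lets a review accept /24 sources while still surfacing `any`.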
# 4  
Old 03-31-2009
Ahh I see thanks guys!