1st case - If you want to block any ports
#vi /etc/ipf/pfil.ap
and uncomment there the specific drivers you are interested in
#svcadm enable ipfilter
to enable and start the ipfilter service.
#autopush -f /etc/ipf/pfil.ap
For example,
You will find some examples of the ipf.conf configuration file in /usr/share/ipfilter/examples. Just copy one of them over /etc/ipf/ipf.conf to start playing around. A simpler demo is to add the one line (spaces between each word):
block in quick proto tcp from any to any port = 23
to the default empty /etc/ipf/ipf.conf and check that you firewall is running by trying to telnet to your machine from another one
2nd case, on your question on IP forwarding,
http://www.sun.com/bigadmin/content/...nt_ip_fwd.html