Ipfilter question

Thread Tools Search this Thread
Operating Systems Solaris Ipfilter question
# 1  
Old 10-04-2013
Hammer & Screwdriver Ipfilter question


My goal is to block locally the applications on a Solaris 10 server to access specific port on a remote machine. All attempts to access the <remote ip>:<remote port> should be rejected with ICMP port unreachable or with TCP RST.

I tried with the following:

block return-icmp(port-unr) out proto tcp from any to port = 1521


block return-rst out proto tcp from any to port = 1521

In both cases connections to this IP/port are timing out instead of being rejected right on the spot.

For example the below works just fine in Linux:

# iptables -I OUTPUT -d -p tcp --dport 1521 -j REJECT 
# telnet 1521
telnet: connect to address Connection refused

# 2  
Old 10-04-2013
Maybe try "return-icmp-as-dest".
# 3  
Old 10-04-2013
thanks but still doesn't work:

# ipfstat -o
block return-icmp-as-dest out proto tcp from any to port = 1521
# telnet 1521

Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Solaris

A little help with ipfilter on Omnios

I'm on OmniOS. I have set a linux zone(lx zone) wich use network. The other network,connected to internet is The network interface of is bge1 The network interface of is bge0 I know is more easy to use the same network but i prefer to... (1 Reply)
Discussion started by: Linusolaradm1
1 Replies

2. Solaris

ipfilter blocking ip fragments

For some reason ipfilter is blocking inbound fragmented ip packets (the packets are larger than the interface's MTU) that are encapsulating UDP segments. The connection works, so I know ipfilter is letting some traffic through, it is just a lot slower than it should be. Rules that allow the... (3 Replies)
Discussion started by: ilikecows
3 Replies

3. Solaris

NAT IPFilter

Hi everybody, I'm running on Solaris 10 X86 (update 1009). I would like to make NAT's rule. I explain you. On Solaris, I configure the principal interface e1000g0 with IP : I created the first logical interface like that : ifconfig e1000g0 addif netmask... (0 Replies)
Discussion started by: aureliensm
0 Replies

4. Solaris

Syntax error ipfilter solaris 10

Hello everyone. I have a problem with ipfilter, you must create a rule to redirect traffic from the external network to internal server on port 443. New Rule: rdr e1000g0 from xx.xx.xx.69/32 port 443 -> port 443 tcp, use ipnat -CF -f /etc/ipnat.conf, and ipf send me from error:... (0 Replies)
Discussion started by: kadavr
0 Replies

5. Cybersecurity

questions about ipfilter

Dears, i am a new user for using ipfilter in solaris 10 and i have some question about this: by using ipfilter for example 1- i want specific MAC address able to access hotmail only 2- also i want to make 10MB for this MAC address is a max download per day 3- i am asking about using MAC... (0 Replies)
Discussion started by: coxmanchester
0 Replies

6. Solaris

ipfilter solaris express

Hello, | am trying to setup ipfilter on solaris express snv_91 but I don't seem to have the following file available. /etc/ipf/pfil.ap Is this an older way of configuring the interface?, I have all the packages installed. Thanks, (1 Reply)
Discussion started by: Actuator
1 Replies

7. HP-UX

ipfilter hpux11.11

how can I create a rule that will allow my machine to FTP to itself, but not allow other machines to FTP to it.. I know this sounds weird but this how they want it so they can test some application functionality that uses ftp. (2 Replies)
Discussion started by: csaunders
2 Replies

8. UNIX for Dummies Questions & Answers


hi guys, isnt cd - supposed to go back to the previous line?? (8 Replies)
Discussion started by: wannabe_guru
8 Replies
Login or Register to Ask a Question