LinuxQuestions.org


qrange 07-07-2020 03:14 AM

solaris ipf
 
I need to enable firewall on Solaris. If I put only this in /etc/ipf/ipf.conf:

Code:


#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.

block in log quick from 1.2.3.0/24 to any


will it only block given subnet and nothing else?
(is the default action allow?)
thanks.

qrange 07-07-2020 06:52 AM

solved, I've tried it on some less important server, and it works (doesn't block anything else).
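
Added example, not part of any post in this thread: a small Python model of how IPF evaluates a ruleset, applied to the single rule from the question. It assumes the stock behaviour in which a packet that matches no rule is passed; the parser handles only the rule shapes shown here, and the test addresses are constructed.

```python
import ipaddress

# Constructed ruleset: the one rule from the question above.
RULES = ["block in log quick from 1.2.3.0/24 to any"]

def parse_rule(line):
    """Parse a small subset of ipf.conf syntax:
    <block|pass> <in|out> [log] [quick] (all | from <net|any> to <net|any>)"""
    tok = line.split()
    rule = {"action": tok[0], "dir": tok[1],
            "log": "log" in tok, "quick": "quick" in tok}
    for key in ("from", "to"):
        val = "any" if "all" in tok else tok[tok.index(key) + 1]
        rule[key] = None if val == "any" else ipaddress.ip_network(val)
    return rule

def matches(rule, direction, src, dst):
    """True if the packet's direction and addresses fit the rule."""
    if rule["dir"] != direction:
        return False
    for key, addr in (("from", src), ("to", dst)):
        net = rule[key]
        if net is not None and ipaddress.ip_address(addr) not in net:
            return False
    return True

def evaluate(lines, direction, src, dst, default="pass"):
    """Return the verdict for one packet.
    Every rule is checked in order and the LAST match wins, except that
    a matching rule marked `quick` ends evaluation immediately.
    `default` is the verdict when nothing matches (assumed "pass")."""
    verdict = default
    for line in lines:
        rule = parse_rule(line)
        if matches(rule, direction, src, dst):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict

if __name__ == "__main__":
    # Constructed packets: one inside 1.2.3.0/24, one outside it.
    for src in ("1.2.3.77", "198.51.100.9"):
        print(src, evaluate(RULES, "in", src, "192.0.2.10"))
```

Dropping `quick` from a block rule and following it with `pass in all` flips the verdict to pass, because the later match wins.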

Turbocapitalist 07-07-2020 07:00 AM

Hadn't Solaris changed to PF instead of IPF? If PF is available for the version you have that might be preferable for several reasons including more people are familiar with it.

qrange 07-09-2020 07:52 AM

dunno, what firewall is used by Solaris 11.3 SPARC?


/etc/firewall/pf.conf seems to be missing

Turbocapitalist 07-09-2020 09:14 AM

If I read correctly PF was introduced in 11.3, but it would be an older version of PF. Are there manual pages present for each of the device driver pf(4), the pf.conf(5) configuration, and the pfctl(8) utility?

JomaSoftMarcel 07-12-2020 08:39 AM

Solaris 11.3 includes PF (pkg install firewall) and IPF
Solaris 11.4 includes PF

Trihexagonal 08-13-2021 07:27 PM

Quote:

Originally Posted by qrange (Post 6142453)
I need to enable firewall on Solaris. If I put only this in /etc/ipf/ipf.conf:

(is the default action allow?)

It is a rule-based firewall. There is no "default" action other than the rules you make for it.

pf was available when I used Solaris but it was not the standard yet. I've been using it on FreeBSD since 2005 and have posted my ruleset in that forum and the BSD forum next door.

I love you all equally as much:

Code:

### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 80, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"

### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble

### Default deny everything
block log all

### Pass loopback
set skip on lo0

### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in quick log on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

### Block all IPv6
block in quick inet6 all
block out quick inet6 all

### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0

### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp

### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state


naancy43 06-01-2023 03:44 PM

solaris ipf
 
Solaris IPF (Internet Protocol Filter) is a firewall technology used in the Solaris operating system. It provides network-level filtering and packet processing capabilities, allowing administrators to define rules and policies for network traffic control and security. With Solaris IPF, administrators can implement fine-grained control over incoming and outgoing network connections based on various criteria such as source/destination IP addresses, port numbers, protocols, and more. IPF offers flexibility and robustness in securing network communications and mitigating potential security risks. It is a powerful tool for managing network traffic and enforcing security measures on Solaris-based systems, helping to protect against unauthorized access and potential threats.

TB0ne 06-01-2023 05:42 PM

Quote:

Originally Posted by naancy43 (Post 6434206)
Solaris IPF (Internet Protocol Filter) is a firewall technology used in the Solaris operating system. It provides network-level filtering and packet processing capabilities, allowing administrators to define rules and policies for network traffic control and security. With Solaris IPF, administrators can implement fine-grained control over incoming and outgoing network connections based on various criteria such as source/destination IP addresses, port numbers, protocols, and more. IPF offers flexibility and robustness in securing network communications and mitigating potential security risks. It is a powerful tool for managing network traffic and enforcing security measures on Solaris-based systems, helping to protect against unauthorized access and potential threats <SPAM LINK REMOVED>

Thanks for copy/pasting a description to a two-year-old closed thread. Reported.

