Hi all, thanks to Antonia Gomez <tonyi@fib.upc.es> gabriel rosenkoetter <gr@eclipsed.net> "Schmitt, Martin (Dregis STB C)" <Martin.Schmitt@dregis.com> Steve Devine <sdevine@msu.edu> "Kamalan Govender" <kamalang@cns.wits.ac.za> Peter Laws <plaws@central.sun.com> Paul Richards <p.richards@ukonline.co.uk> Scott Palmer <scott@unixheads.com> Steve Mickeler <steve@neptune.ca> "Steve Bagdon" <sun@bagdon.com> Tim Chipman <chipman@ecopiabio.com> and especially to Alex Stade <alex@trdlnk.com> I did not manage to get ip filter working with a self compiled version of gcc 3.1. I used the following command to conigure gcc. # ../gcc-3.1/configure --prefix=/usr/local --enable-shared --enable-threads --with-gnu-as --with-gnu-ld --disable-nls --enable-languages=c,c++,objc --disable-libgcj If anybody knows a reason why this would prevent me from building 64 bit stuff please let me know. However, I then downloaded the binary of gcc 3.1 from sunfreeware.com and the ip filter sources. Then I did mv /usr/local/bin/strip /usr/local/bin/stripper to temporily disable the gnu strip and then did /usr/ccs/bin/make solaris cd SunOS5 /usr/ccs/bin/make package This compiled and installed ip filter on my machine. Configuration goes into /etc/opt/ipf/ipf.conf e.g. block in quick on dmfe1 all to block all incoming traffic from interface dmfe1. The beast is started with "/etc/rc2.d/S65ipfboot start". New rules can be set with "ipf -Fa -f /etc/opt/ipf/ipf.conf". Again, thanks to all that respondedn and helped me to get this working. Just FYI, Tim Chipman mentioned serious problems with a gcc compiled IPF (statement follows). Regards, Andreas ========================================================== We deployed IPF here last year, initially using a version compiled with GCC, and deployed mostly on Solaris 2.6 boxes (but a few sol8 as well) We had a LOT of problems with the machines "hanging" which was traced conclusively via core dumps to IPF. (ie, hanging means, no response on console {or anywhere else} unless you pull the keyboard, and drop into OK> prompt ; absolute radio silence otherwise). This was happening at intervals ranging from once per week to once per month, unclear what caused it precisely other than a loop in IPF getting hung up. Quite amazing to me that software could hang a machine so bad but .. it was very conclusive. I guess kernel-level software can do serious damage :-) Anyhow. To say the least, it was removed pronto from the affected systems. Later, we tested a slightly more current IPF revision, built with CC (ie, sun's compiler, not Gcc) and have had it in testing for many months now. There are no problems with this install so far. So: Just thought I should warn you, that GCC-built IPF may cause some grief. The support sun folks suggested there were other documented cases of this in their database, even though they wouldn't tell me how prevalent the problem was. (hah ha, they just suggest using "sunscreen" instead of IPF) If you wish, I can problably get the info on our current version from the network admin who was doing this work/testing and send that along. _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Thu Jun 6 11:15:26 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:46 EST