Thanks to Leif Hardinson Robert Petkus Neil Quiogue Mike Box Original email below... My original problem was with the pfil code....when I did the strconf < /dev/eri the pfil was never listed... and if I used strchg -h pfil or strchg -h pfil < /dev/eri it never went onto the stream configuration.... So, after reading the pfil README, and reviewing the /etc/init.d/pfil command, I decided that Sol8 and above do not use the above method. Instead, Sol8 uses the ifconfig method and/or autopush... I did a little simple testing, and it seems that the software is actually working without the strconf command - so I am hoping that area is good to go! If I run the ifconfig ... modinsert ... command, IPFilter works correctly...but the autopush on startup is still failing (looking into this today) Reading/Links: http://www.obfuscation.org/ipf/ - HOW TO (has some great links on it) http://www.sun.com/bigadmin/features/articles/ipfilter.html Amy Rich on IPFilter (Great article!) http://www.samag.com/articles/2004/0410/ (need to buy this magazine) Great article on securing a single server against attack. The SysAdmin Magazine article is what I am trying....Instead off shutting down any and everything on the Sun Box that is not used - Use IPFilter to restrict access to known "used" services! This is basically a very simple "step 1" to harden a Solaris box! Cheers Paul >Hi > >I am trying to install IPFilter...and have come across a pre-req that >will not install properly... > >The pre-req is > pfil > >After running > pkgadd -d /tmp/pfil.pkg >check configuration with > strconf < /dev/hme (or whatever your network interface is) > >This should return two lines of output. One with pfil, the other with >hme. But I am not getting the pfil line... > >Any ideas? I cannot find any info in the package where it is added; and >there is no info on google; and no, unfortunately I cannot upgrade to >version 10 Solaris....I have tried this on two different sun blade >100's, and both give the same result. > >Will summarize... > >Cheers > >Paul -------------------------------------------------------------- So you've already pkgadded ipfilter and pfil. Find out the name of the pfil package with pkginfo. For my installation it is "pfil". Do a "pkgchk -l pfil" to find out where the package installed.. Anyway, the pfil and ipf modules need to inserted into the kernel. You can do a modload for each but I recommend adding your ipf rules to /etc/opt/ipf/ipf.conf (such as "block in log on bge0 proto icmp from any to <ipaddress> icmp-type 17) and reboot the server. Now use modinfo to see that the modules are loaded: $modinfo | grep ipf 101 78078000 38980 210 1 ipf (IP Filter: v4.1.8) $modinfo | grep pfil 91 13f5f14 63d2 16 1 pfil (pfil Streams module 2.1.6) 91 13f5f14 63d2 209 1 pfil (pfil Streams driver 2.1.6) -------------------------------------------------------------- I'm not sure what you want to do. Do you want to check if pfil is bounded to the interface? If so just check with: ifconfig <interface> modlist If it's not there then just do: ifconfig <interface> modinsert pfil@2 -------------------------------------------------------------- See the modules running on hme: ifconfig hme0 modlist Without pfil you should see something akin to: 0 arp 1 ip 2 hme Then try manually adding it (use the integer listed for hme from the last output -- that's where you want to insert the pfil module): ifconfig hme0 modinsert pfil@2 -------------------------------------------------------------- I had a similar problem to yours regarding packages. I ended up having to compile the pre-req and the ipfilters from source. One thing to note is that you have to make several changes to the make files for them to correctly compile on for a sparc 64 bit architecture. -------------------------------------------------------------- I, too, am fighting with IPFilter for Solaris 2.8. Sending a query to the IPFilter list is like sending a query to a "blackhole". If you've not done so already, try 1) disconnect / reconnect the ethernet cable to cause a reset on the interface. or 2) reboot -------------------------------------------------------------- _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Mon Oct 17 20:16:52 2005
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:52 EST