IPFilter problems on Solaris 8

Later patch levels of Solaris 8 break ipfilter installations. In this case you cannot trust ipfstat: it will still show a running ruleset even though the ruleset is not in effect.

Symptoms to look for include:

  • The message “pfil not configured for firewall/NAT operation” when issuing an ipfboot stop/start/reload.
  • A “/kernel/drv/sparcv9/pfil symbol miocpullup multiply defined” message when booting.
  • The pfil module not listed when you do an ifconfig modlist.

If you have this problem, download new copies of pfil and ip_filter (or do a “make clean” if you still have the old sources). Then remove the definition of miocpullup() at the end of pfil/SunOS/pfildrv.c (remove the entire if clause) and recompile pfil and ip_filter.
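
Since ipfstat cannot be relied on here, the symptoms listed above can be checked directly with a short script. This is an added example, not part of the original post; it assumes `ifconfig <interface> modlist` prints one `<index> <module>` pair per line, and the function names, file name, sample inputs and interface names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original post. ipfstat is deliberately not used.

# stdin: output of `ifconfig <interface> modlist`, assumed to be one
# "<index> <module>" pair per line. Succeeds only if pfil is listed.
pfil_in_modlist() {
    grep '^[[:space:]]*[0-9][0-9]*[[:space:]][[:space:]]*pfil[[:space:]]*$' >/dev/null
}

# stdin: boot messages or ipfboot output. Prints one line per symptom message
# from the post that is present; succeeds only if neither is found.
log_symptoms() {
    awk '
        /pfil not configured for firewall\/NAT operation/ { nat = 1 }
        /pfil symbol miocpullup multiply defined/         { sym = 1 }
        END {
            if (nat) print "SYMPTOM: pfil not configured for firewall/NAT operation"
            if (sym) print "SYMPTOM: miocpullup multiply defined"
            exit (nat || sym)
        }'
}

# Constructed sample inputs for offline testing (not captured from a real host).
sample_modlist_ok()  { printf '0 arp\n1 ip\n2 pfil\n3 hme\n'; }
sample_modlist_bad() { printf '0 arp\n1 ip\n2 hme\n'; }
sample_log_bad() {
    printf '%s\n' \
        '/kernel/drv/sparcv9/pfil symbol miocpullup multiply defined' \
        'pfil not configured for firewall/NAT operation'
}

# Checks every interface named on the command line (names are operator-supplied).
check_interfaces() {
    rc=0
    for ifc in "$@"; do
        if ifconfig "$ifc" modlist 2>/dev/null | pfil_in_modlist; then
            echo "$ifc: pfil present"
        else
            echo "$ifc: pfil MISSING from module list"
            rc=1
        fi
    done
    return $rc
}

# Usage (hypothetical file name): sh check_pfil.sh hme0 qfe0
if [ $# -gt 0 ]; then check_interfaces "$@"; fi
```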
