IPFilter problems on Solaris 8
Later patch levels of Solaris 8 break ipfilter installations. You cannot trust ipfstat in this case - it will still show a running ruleset even though it is not in effect.
Symptoms to look for include:
- The message “pfil not configured for firewall/NAT operation” when issuing a ipfboot stop/start/reload.
- A “/kernel/drv/sparcv9/pfil symbol miocpullup multiply defined” message when booting.
- The pfil module not listed when you do an ifconfig
modlist.
If you have this problem download new copies of pfil and ip_filter (or do a “make clean” if you still have the old sources) and then remove the definition of miocpullup() at the end of pfil/SunOS/pfildrv.c (remove the entire if clause) and recompile pfil and ip_filter.
[tags]solaris,ipfilter,howto[/tags]
[composed and posted with ecto]
