31 /dev/ipstate. The default permissions of these files require ipf to be
32 run as root for all operations.
33
34 Enabling Solaris IP Filter Feature
35 Solaris IP Filter is installed with the Solaris operating system.
36 However, packet filtering is not enabled by default. Use the following
37 procedure to activate the Solaris IP Filter feature.
38
39 1. Assume a role that includes the IP Filter Management rights
40 profile (see rbac(5)) or become superuser.
41
42 2. Configure system and services' firewall policies. See
43 svc.ipfd(1M) and ipf(4).
44
45 3. (Optional) Create a network address translation (NAT)
46 configuration file. See ipnat(4).
47
48 4. (Optional) Create an address pool configuration file. See
49 ippool(4).
50
51 Create an ipool.conf file if you want to refer to a group of
52 addresses as a single address pool. If you want the address
53 pool configuration file to be loaded at boot time, create a
54 file called /etc/ipf/ippool.conf in which to put the address
55 pool. If you do not want the address pool configuration file
56 to be loaded at boot time, put the ippool.conf file in a
57 location other than /etc/ipf and manually activate the
58 rules.
59
60 5. Enable Solaris IP Filter, as follows:
61
62 # svcadm enable network/ipfilter
63
64
65
66
67 To re-enable packet filtering after it has been temporarily disabled
68 either reboot the machine or enter the following command:
69
70 # svcadm enable network/ipfilter
71
72
73
74
75 ...which essentially executes the following ipf commands:
76
77 1. Enable Solaris IP Filter:
78
333
334 +--------------------+-----------------+
335 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
336 +--------------------+-----------------+
337 |Interface Stability | Committed |
338 +--------------------+-----------------+
339
340 SEE ALSO
341 ipfstat(1M), ipmon(1M), ipnat(1M), ippool(1M), svcadm(1M),
342 svc.ipfd(1M), ipf(4), ipnat(4), ippool(4), attributes(5), ipfilter(5),
343 zones(5)
344
345
346
347 DIAGNOSTICS
348 Needs to be run as root for the packet filtering lists to actually be
349 affected inside the kernel.
350
351
352
353 April 9, 2016 IPF(1M)
|
31 /dev/ipstate. The default permissions of these files require ipf to be
32 run as root for all operations.
33
34 Enabling Solaris IP Filter Feature
35 Solaris IP Filter is installed with the Solaris operating system.
36 However, packet filtering is not enabled by default. Use the following
37 procedure to activate the Solaris IP Filter feature.
38
39 1. Assume a role that includes the IP Filter Management rights
40 profile (see rbac(5)) or become superuser.
41
42 2. Configure system and services' firewall policies. See
43 svc.ipfd(1M) and ipf(4).
44
45 3. (Optional) Create a network address translation (NAT)
46 configuration file. See ipnat(4).
47
48 4. (Optional) Create an address pool configuration file. See
49 ippool(4).
50
51 Create an ippool.conf file if you want to refer to a group
52 of addresses as a single address pool. If you want the
53 address pool configuration file to be loaded at boot time,
54 create a file called /etc/ipf/ippool.conf in which to put
55 the address pool. If you do not want the address pool
56 configuration file to be loaded at boot time, put the
57 ippool.conf file in a location other than /etc/ipf and
58 manually activate the rules.
59
60 5. Enable Solaris IP Filter, as follows:
61
62 # svcadm enable network/ipfilter
63
64
65
66
67 To re-enable packet filtering after it has been temporarily disabled
68 either reboot the machine or enter the following command:
69
70 # svcadm enable network/ipfilter
71
72
73
74
75 ...which essentially executes the following ipf commands:
76
77 1. Enable Solaris IP Filter:
78
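Review bot: The last sentence of the step 4 paragraph (new lines 56-58) still ends at "manually activate the rules" without naming what the reader should run or read. The "ipool.conf" to "ippool.conf" correction itself is right. Since ippool(1M) is already listed under SEE ALSO, consider adding a "See ippool(1M)" pointer to that sentence, the way steps 2 to 4 cite their own references, so an administrator who keeps ippool.conf outside /etc/ipf does not assume the pool is loaded when it is not. The file holds an address pool rather than filter rules, so "activate the rules" may also be worth rewording while this paragraph is being rewrapped.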
333
334 +--------------------+-----------------+
335 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
336 +--------------------+-----------------+
337 |Interface Stability | Committed |
338 +--------------------+-----------------+
339
340 SEE ALSO
341 ipfstat(1M), ipmon(1M), ipnat(1M), ippool(1M), svcadm(1M),
342 svc.ipfd(1M), ipf(4), ipnat(4), ippool(4), attributes(5), ipfilter(5),
343 zones(5)
344
345
346
347 DIAGNOSTICS
348 Needs to be run as root for the packet filtering lists to actually be
349 affected inside the kernel.
350
351
352
353 May 17, 2020 IPF(1M)
|