Print this page
12745 man page typos

Split Close
Expand all
Collapse all
          --- old/usr/src/man/man1m/ipf.1m
          +++ new/usr/src/man/man1m/ipf.1m
   1    1  '\" te
   2    2  .\" To view license terms, attribution, and copyright for IP Filter, the default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed
   3    3  .\" location.
   4    4  .\" Portions Copyright (c) 2009, Sun Microsystems Inc. All Rights Reserved.
   5    5  .\" Portions Copyright (c) 2015, Joyent, Inc.
   6      -.TH IPF 1M "April 9, 2016"
        6 +.TH IPF 1M "May 17, 2020"
   7    7  .SH NAME
   8    8  ipf \- alter packet filtering lists for IP packet input and output
   9    9  .SH SYNOPSIS
  10      -.LP
  11   10  .nf
  12   11  \fBipf\fR [\fB-6AdDEGInoPRrsvVyzZ\fR] [\fB-l\fR block | pass | nomatch]
  13   12       [\fB-T\fR \fIoptionlist\fR] [\fB-F\fR i | o | a | s | S] \fB-f\fR \fIfilename\fR
  14   13       [\fB-f\fR \fIfilename\fR...] [\fIzonename\fR]
  15   14  .fi
  16   15  
  17   16  .SH DESCRIPTION
  18      -.LP
  19   17  The \fBipf\fR utility is part of a suite of commands associated with the
  20   18  Solaris IP Filter feature. See \fBipfilter\fR(5).
  21   19  .sp
  22   20  .LP
  23   21  The \fBipf\fR utility opens the filenames listed (treating a hyphen (\fB-\fR)
  24   22  as stdin) and parses the file for a set of rules which are to be added or
  25   23  removed from the packet filter rule set.
  26   24  .sp
  27   25  .LP
  28   26  If there are no parsing problems, each rule processed by \fBipf\fR is added to
  29   27  the kernel's internal lists. Rules are added to the end of the internal lists,
  30   28  matching the order in which they appear when given to \fBipf\fR.
  31   29  .sp
  32   30  .LP
  33   31  \fBipf\fR's use is restricted through access to \fB/dev/ipauth\fR,
  34   32  \fB/dev/ipl\fR, and \fB/dev/ipstate\fR. The default permissions of these files
  35   33  require \fBipf\fR to be run as root for all operations.
  36   34  .SS "Enabling Solaris IP Filter Feature"
  37      -.LP
  38   35  Solaris IP Filter is installed with the Solaris operating system. However,
  39   36  packet filtering is not enabled by default. Use the following procedure to
  40   37  activate the Solaris IP Filter feature.
  41   38  .RS +4
  42   39  .TP
  43   40  1.
  44   41  Assume a role that includes the IP Filter Management rights profile (see
  45   42  \fBrbac\fR(5)) or become superuser.
  46   43  .RE
  47   44  .RS +4
↓ open down ↓ 6 lines elided ↑ open up ↑
  54   51  .TP
  55   52  3.
  56   53  (Optional) Create a network address translation (NAT) configuration file.
  57   54  See \fBipnat\fR(4).
  58   55  .RE
  59   56  .RS +4
  60   57  .TP
  61   58  4.
  62   59  (Optional) Create an address pool configuration file. See \fBippool\fR(4).
  63   60  .sp
  64      -Create an \fBipool.conf\fR file if you want to refer to a group of addresses as
       61 +Create an \fBippool.conf\fR file if you want to refer to a group of addresses as
  65   62  a single address pool. If you want the address pool configuration file to be
  66   63  loaded at boot time, create a file called \fB/etc/ipf/ippool.conf\fR in which
  67   64  to put the address pool. If you do not want the address pool configuration file
  68   65  to be loaded at boot time, put the \fBippool.conf\fR file in a location other
  69   66  than \fB/etc/ipf\fR and manually activate the rules.
  70   67  .RE
  71   68  .RS +4
  72   69  .TP
  73   70  5.
  74   71  Enable Solaris IP Filter, as follows:
↓ open down ↓ 76 lines elided ↑ open up ↑
 151  148  See \fBipnat\fR(1M).
 152  149  .RE
 153  150  .LP
 154  151  Note -
 155  152  .sp
 156  153  .RS 2
 157  154  If you reboot your system, the IPfilter configuration is automatically
 158  155  activated.
 159  156  .RE
 160  157  .SH OPTIONS
 161      -.LP
 162  158  The following options are supported:
 163  159  .sp
 164  160  .ne 2
 165  161  .na
 166  162  \fB\fB-6\fR\fR
 167  163  .ad
 168  164  .sp .6
 169  165  .RS 4n
 170  166  This option is required to parse IPv6 rules and to have them loaded. Loading of
 171  167  IPv6 rules is subject to change in the future.
↓ open down ↓ 290 lines elided ↑ open up ↑
 462  458  .na
 463  459  \fB\fB-Z\fR\fR
 464  460  .ad
 465  461  .sp .6
 466  462  .RS 4n
 467  463  Zero global statistics held in the kernel for filtering only. This does not
 468  464  affect fragment or state statistics.
 469  465  .RE
 470  466  
 471  467  .SH ZONES
 472      -.LP
 473  468  Each non-global zone has two ipfilter instances: the in-zone ipfilter, which
 474  469  can be controlled from both the zone itself and the global zone, and the
 475  470  Global Zone-controlled (GZ-controlled) instance, which can only be controlled
 476  471  from the Global Zone. The non-global zone is not able to observe or control
 477  472  the GZ-controlled ipfilter.
 478  473  
 479  474  ipf optionally takes a zone name as an argument, which will change the
 480  475  ipfilter settings for that zone, rather than the current one. The zonename
 481  476  option is only available in the Global Zone. Using it in any other zone will
 482  477  return an error. If the \fB-G\fR option is specified with this argument, the
↓ open down ↓ 35 lines elided ↑ open up ↑
 518  513  .ne 2
 519  514  .na
 520  515  \fB\fB/usr/share/ipfilter/examples/\fR\fR
 521  516  .ad
 522  517  .sp .6
 523  518  .RS 4n
 524  519  Contains numerous IP Filter examples.
 525  520  .RE
 526  521  
 527  522  .SH ATTRIBUTES
 528      -.LP
 529  523  See \fBattributes\fR(5) for descriptions of the following attributes:
 530  524  .sp
 531  525  
 532  526  .sp
 533  527  .TS
 534  528  box;
 535  529  c | c
 536  530  l | l .
 537  531  ATTRIBUTE TYPE  ATTRIBUTE VALUE
 538  532  _
 539  533  Interface Stability     Committed
 540  534  .TE
 541  535  
 542  536  .SH SEE ALSO
 543      -.LP
 544  537  \fBipfstat\fR(1M), \fBipmon\fR(1M), \fBipnat\fR(1M), \fBippool\fR(1M),
 545  538  \fBsvcadm\fR(1M), \fBsvc.ipfd\fR(1M), \fBipf\fR(4), \fBipnat\fR(4),
 546  539  \fBippool\fR(4), \fBattributes\fR(5), \fBipfilter\fR(5), \fBzones(5)\fR
 547  540  .sp
 548  541  .LP
 549  542  \fI\fR
 550  543  .SH DIAGNOSTICS
 551      -.LP
 552  544  Needs to be run as root for the packet filtering lists to actually be affected
 553  545  inside the kernel.
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX