From GarrettHoneycutt


IPF Commands

Copied from

Note that the Solaris 10 implementation of ipf will start ipmon.
Ipmon is the ipf utility used to monitor and log packets.  By default,
ipmon will write logged packets to /var/adm/messages.

Some commonly used ipf commands

ipf -E                          : Enable ipfilter when running
                                : for the first time.
                                : (Needed for ipf on Tru64)
ipf -f /etc/ipf/ipf.conf        : Load rules in /etc/ipf/ipf.conf file
                                : into the active firewall.
ipf -Fa -f /etc/ipf/ipf.conf    : Flush all rules, then load rules in
                                : /etc/ipf/ipf.conf into active firewall.
ipf -Fi                         : Flush all input rules.
ipf -I -f /etc/ipf/ipf.conf     : Load rules in /etc/ipf/ipf.conf file
                                : into inactive firewall.
ipf -V                          : Show version info and active list.
ipf -s                          : Swap active and inactive firewalls.
ipfstat                         : Show summary
ipfstat -i                      : Show input list
ipfstat -o                      : Show output list
ipfstat -hio                    : Show hits against all rules
ipfstat -t -T 5                 : Monitor the state table and refresh every
                                : 5 seconds. Output is similar to
                                : 'top' monitoring the process table.
ipmon -s S                      : Watch state table.
ipmon -sn                       : Write logged entries to syslog, and
                                : convert back to hostnames and servicenames.
ipmon -s [file]                 : Write logged entries to some file.
ipmon -Ds                       : Run ipmon as a daemon, and log to
                                : default location.
                                : (/var/adm/messages for Solaris)
                                : (/var/log/syslog for Tru64)

Good idea for updating the ruleset

Save the firewall's loaded rule lists before and after you change the ruleset and reload it, then review the diffs.

# ipfstat -i > ipfstat-in.before
# ipfstat -o > ipfstat-out.before

Make changes to ipf.conf, then reload the firewall.

# ipfstat -i > ipfstat-in.after
# ipfstat -o > ipfstat-out.after
# diff ipfstat-out.before ipfstat-out.after
# diff ipfstat-in.before ipfstat-in.after
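
The same before/after procedure wrapped in shell functions, as an added example that is not part of the original page. It returns diff's exit code so a wrapper can tell "rules changed" from "nothing changed" or "reload failed". The function names and the IPF_CONF and SNAP_DIR variables are assumptions; only the ipf and ipfstat invocations listed above are used.

```shell
#!/bin/sh
# Added example: snapshot the loaded ipf rules, reload, and show what changed.
# IPF_CONF and SNAP_DIR are assumed names; adjust them for your host.
IPF_CONF="${IPF_CONF:-/etc/ipf/ipf.conf}"
SNAP_DIR="${SNAP_DIR:-/var/tmp/ipf-snap}"

# snapshot TAG: save the active input and output lists under the given tag.
snapshot() {
    mkdir -p "$SNAP_DIR" || return 1
    ipfstat -i > "$SNAP_DIR/ipfstat-in.$1" || return 1
    ipfstat -o > "$SNAP_DIR/ipfstat-out.$1" || return 1
}

# review: print both diffs. Returns 0 if the loaded rules are unchanged,
# 1 if they differ, 2 on error (diff's own exit-code convention).
review() {
    worst=0
    for dir in in out; do
        echo "== $dir rules =="
        st=0
        diff "$SNAP_DIR/ipfstat-$dir.before" "$SNAP_DIR/ipfstat-$dir.after" || st=$?
        if [ "$st" -gt "$worst" ]; then worst=$st; fi
    done
    return "$worst"
}

# reload_and_review: the whole procedure in one step.
# A failed snapshot or reload returns 2 without printing a diff.
reload_and_review() {
    snapshot before || return 2
    ipf -Fa -f "$IPF_CONF" || { echo "reload of $IPF_CONF failed" >&2; return 2; }
    snapshot after || return 2
    review
}

# Typical use as root, after editing ipf.conf:
#   reload_and_review; echo "exit status: $?"
```

An exit status of 0 after an edit you expected to take effect is worth investigating, since it means the loaded rules are identical to what was running before.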