1- Start by check ipfilter status if it’s running you can go ahead and configure rules<\/p>\n
-bash-3.00$ svcs -a|grep -i ipfil
\nonline 10:29:37 svc:\/network\/ipfilter:default<\/p><\/blockquote>\nif it’s disabled enable it<\/p>\n
#svcadm enable ipfilter<\/p><\/blockquote>\n
2- Display rules\u00a0<\/span><\/p>\n
#bash-3.00ipfstat -io
\nblock out all
\npass out quick on lo0 all
\npass out quick on eri0 proto tcp\/udp from eri0\/32 to any port = domain with keep state
\npass out quick on eri0 proto tcp from eri0\/32 to any port = http keep state
\npass out quick on eri0 proto icmp from 192.168.1.0\/24 to 192.168.1.0\/24
\nblock in all
\npass in quick on lo0 all
\npass in quick on eri0 proto icmp from 192.168.1.0\/24 to 192.168.1.0\/24
\npass in quick on eri0 proto tcp from any to eri0\/32 port = http keep state
\npass in quick on eri0 proto tcp\/udp from any to eri0\/32 port = domain with keep state<\/p><\/blockquote>\n3- Edit rules\u00a0<\/span>
\nunder\u00a0<\/span><\/p>\n\/etc\/ipf\/ipf.conf<\/p><\/blockquote>\n
<\/p>\n
#vi \/etc\/ipf\/ipf.conf<\/p><\/blockquote>\n
<\/p>\n
#
\n# ipf.conf
\n#
\n# IP Filter rules to be loaded during startup
\n#
\n# See ipf(4) manpage for more information on
\n# IP Filter rules syntax.
\n####
\nset intercept_loopback true;
\nblock in all
\nblock out all
\n### inbound traffic ###
\npass in quick on lo0 all
\npass in quick on eri0 proto icmp from 192.168.1.0\/24 to 192.168.1.0\/24
\npass in quick on eri0 proto tcp from any to eri0\/32 port = http keep state
\npass in quick on eri0 proto tcp\/udp from any to eri0\/32 port = domain keep state<\/p>\npass out quick on lo0 all
\npass out quick on eri0 proto tcp\/udp from eri0\/32 to any port = 53 keep state
\npass out quick on eri0 proto tcp from eri0\/32 to any port = http keep state
\npass out quick on eri0 proto icmp from 192.168.1.0\/24 to 192.168.1.0\/24<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"1- Start by check ipfilter status if it’s running you can go ahead and configure rules<\/p>\n
-bash-3.00$ svcs -a|grep -i ipfil online 10:29:37 svc:\/network\/ipfilter:default<\/p>\n
if it’s disabled enable it<\/p>\n
#svcadm enable ipfilter<\/p>\n
2- Display rules <\/p>\n
#bash-3.00ipfstat -io block out all pass out quick on lo0 all pass out quick on eri0 proto tcp\/udp from […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5123"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5123"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5123\/revisions"}],"predecessor-version":[{"id":5124,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5123\/revisions\/5124"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}