As many people may have become aware, since the release of Solaris10, it is currently not possible to perform firewalling between zones running on the same host, whether it be using IPFilter or Firewall-1 or some other product.
I'm happy to say that as of the 13th of July, the group I'm working with got the green light from the first review committee to proceed with a project to remedy this situation.
Unfortunately while the code to achieve this isn't a lot, there is still a lot of work we need to do (design review, testing, code review, etc) that when put together will turn the project into something that could easily take more than 6 months on the calendar. With this project we're looking to solve some more of the related, abstract, problems that need to be delt with in order for us to provide the best possible solution.
We're acutely aware of the need for this project to be completed yesterday and we're working feverishly to make sure it gets delivered ASAP, so in the mean time, please be patient.
When there's more progress to report, I'll update this blog, but for a while, it's likely to be just about successes in jumping through loops.