New features for ipfilter

After a few discussions within the development team, with our marketing folks and with several customers I came to the conclusion that these are the features that we have to add to ipfilter:
  • Enabling ipfilter within Solaris Containers: This will allow the user of a Solaris Container to set their own fire wall rules just like if they were running their own machine. That way the user has full control over their fire wall settings.
  • Stealth firewall: This would allow filtering bridging traffic. Bridging is a feature that we are currently implementing.
  • Comprehensive set of APIs into ipfilter: We have several customer requests for this right already. The right thing to do here is to come up with a comprehensive set rather than doing a number of one-offs. Lots of customers and ISVs would greatly benefit from this.
  • ipf performance: We need to have a look at this one to see whether we can do further improvements in this department.
  • RPC proxy support
  • Improve usability, e.g. sample rule files

Aside from that we really need to write a comprehensive white paper. All that's available right now on bigadmin is the following: http://www.sun.com/bigadmin/features/articles/ipfilter.html

Comments?
Markus
Comments:

So where's the stuff to improve the usability, such as pre-canned rules for common configurations, or tools to help in generating the best rulesets, or simulation to figure out whether the ruleset does what the user wants? Clearly, you talked to existing users - what about the ones who'd like to use it but find it just too hard to figure out where to start?

Posted by Dave Miner on January 18, 2006 at 04:05 AM PST #

Post a Comment:
Comments are closed for this entry.
About

MarkusFlierl-Oracle

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today