Solaris 11 Firewall

Guest Author

Oracle Solaris 11 includes a software firewall.
In the cloud, this means that the need for expensive network hardware can be reduced while changes to network configurations can be made quickly and easily.
You can use the following script in order to manage the Solaris 11 firewall.
The script runs in the Solaris 11 global zone and in Solaris 11 zones with an exclusive IP stack (the default).
Script usage and examples:
Enable and start the firewall service
# fw.ksh start
This enables and starts the firewall service and, in addition, reads the firewall rules from /etc/ipf/ipf.conf.
For more firewall rules examples see here.
Disable and stop the firewall service
# fw.ksh stop
Restart the firewall service after modifying the rules in /etc/ipf/ipf.conf
# fw.ksh restart
Checking the firewall status
# fw.ksh status
The script prints the firewall status (online or offline) and, when the service is online, the active rules.
This section provides the script. The recommendation is to copy the content and paste it into the suggested file name using gedit to create the file on Oracle Solaris 11.
# more fw.ksh

#! /bin/ksh
#
# FILENAME:    fw.ksh
# Manage Solaris firewall script
# Usage:
# fw.ksh {start|stop|restart|status}

case "$1" in
start)
        # Enable the IP Filter SMF service
        /usr/sbin/svcadm enable svc:/network/ipfilter:default

        # Wait until the service is online (or has dropped into maintenance)
        while [[ $serviceStatus != online && $serviceStatus != maintenance ]] ; do
            sleep 5
            serviceStatus=`/usr/bin/svcs -H -o STATE svc:/network/ipfilter:default`
        done

        # Flush all rules, then load the rules from /etc/ipf/ipf.conf
        /usr/sbin/ipf -Fa -f /etc/ipf/ipf.conf
        ;;
restart)
        $0 stop
        $0 start
        ;;
stop)
        # Disable the IP Filter SMF service
        /usr/sbin/svcadm disable svc:/network/ipfilter:default
        ;;
status)
        serviceStatus=`/usr/bin/svcs -H -o STATE svc:/network/ipfilter:default`
        if [[ $serviceStatus != "online" ]] ; then
            /usr/bin/echo "The Firewall service is offline"
        else
            /usr/bin/echo "\nThe Firewall service is online\n"
            # Print the active inbound and outbound rules
            /usr/sbin/ipfstat -io
        fi
        ;;
*)
        /usr/bin/echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

exit 0
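
In fw.ksh, restart disables the service before re-enabling it, and start flushes every rule (-Fa) before reading /etc/ipf/ipf.conf, so a typo in the file can leave the host without the rules it had. The following is an added example, not part of the original script: it checks the file first, loads it into IP Filter's inactive rule set, and swaps the sets only if both steps succeed. The names safe_reload and IPF are hypothetical, and the example assumes that ipf exits non-zero when a rules file does not parse.

```shell
#!/bin/sh
# Added example, not part of fw.ksh. safe_reload and IPF are illustrative names.
# IPF can be overridden so the logic can be exercised without touching the kernel.
IPF="${IPF:-/usr/sbin/ipf}"

# safe_reload [RULES_FILE]
# Return codes: 0 loaded, 2 file unreadable, 3 parse check failed,
#               4 load into inactive set failed, 5 swap failed.
safe_reload() {
    rules="${1:-/etc/ipf/ipf.conf}"

    if [ ! -r "$rules" ]; then
        echo "safe_reload: cannot read $rules" >&2
        return 2
    fi

    # -n: parse the file without making any change to the running kernel.
    # Assumption: ipf exits non-zero when the file does not parse.
    if ! "$IPF" -n -f "$rules"; then
        echo "safe_reload: $rules failed the parse check; active rules untouched" >&2
        return 3
    fi

    # -I: work on the inactive rule set. Flush it and load the new rules there,
    # leaving the active set filtering traffic in the meantime.
    if ! "$IPF" -I -Fa -f "$rules"; then
        echo "safe_reload: could not load $rules into the inactive set" >&2
        return 4
    fi

    # -s: swap the inactive and active sets, so the new rules take effect in one step.
    if ! "$IPF" -s; then
        echo "safe_reload: swap failed; previous rules are still active" >&2
        return 5
    fi
    return 0
}
```

Run safe_reload as root with the ipfilter service already online, for example after editing /etc/ipf/ipf.conf.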
