Thursday Aug 02, 2012

Solaris 11 Firewall


Oracle Solaris 11 includes a software firewall.
In the cloud, this means that the need for expensive network hardware can be reduced while changes to network configurations can be made quickly and easily.
You can use the following script in order to manage the Solaris 11 firewall.
The script runs on Solaris 11 (global zone) and in a Solaris 11 zone with an exclusive IP stack (the default).

Script usage and examples:

Enable and start the firewall service

# fw.ksh start

This enables and starts the firewall service and then loads the firewall rules from /etc/ipf/ipf.conf.
For more firewall rule examples see here.

Disable and stop the firewall service

# fw.ksh stop

Restart the firewall service after modifying the rules of /etc/ipf/ipf.conf.

# fw.ksh restart

Checking the firewall status

# fw.ksh status

The script prints the firewall status (online or offline) and, when the service is online, the active rules.

This section provides the script. The recommendation is to copy the content and paste it into the suggested file name using gedit to create the file on Oracle Solaris 11.

# more fw.ksh


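#!/bin/ksh
#
# FILENAME:    fw.ksh
# Manage Solaris firewall script
# Usage:
# fw.ksh {start|stop|restart|status}

case "$1" in
 start)
        /usr/sbin/svcadm enable svc:/network/ipfilter:default

        # Poll until SMF reports a final state for the service
        serviceStatus=$(/usr/bin/svcs -H -o STATE svc:/network/ipfilter:default)
        while [[ $serviceStatus != online && $serviceStatus != maintenance ]] ; do
            sleep 5
            serviceStatus=$(/usr/bin/svcs -H -o STATE svc:/network/ipfilter:default)
        done

        # Do not try to load rules into a service that failed to start
        if [[ $serviceStatus != online ]] ; then
            /usr/bin/echo "The Firewall service is in maintenance state"
            exit 1
        fi

        # Flush all active rules, then load the rules file
        /usr/sbin/ipf -Fa -f /etc/ipf/ipf.conf
   ;;
 restart)
        "$0" stop
        "$0" start || exit 1
   ;;
 stop)
        # -s waits until the service has stopped, so that a following
        # start does not read a stale "online" state
        /usr/sbin/svcadm disable -s svc:/network/ipfilter:default
   ;;
 status)
        serviceStatus=$(/usr/bin/svcs -H -o STATE svc:/network/ipfilter:default)

        if [[ $serviceStatus != "online" ]] ; then
            /usr/bin/echo "The Firewall service is offline"
        else
            /usr/bin/echo "\nThe Firewall service is online\n"
            # Print the active inbound (-i) and outbound (-o) rules
            /usr/sbin/ipfstat -io
        fi
   ;;
 *)
        /usr/bin/echo "Usage: $0 {start|stop|restart|status}"
        exit 1
   ;;
esac

exit 0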
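
The start action above flushes the active rules (ipf -Fa) before it reads /etc/ipf/ipf.conf, so a typo in an edited file can leave the host without the intended rules. The following added example (not part of the original script) checks the file with ipf -n first, then loads it into the inactive list and swaps it in. The function name safe_reload, the IPF variable and the --apply argument are assumptions of this example, as is ipf exiting non-zero on a parse error.

```shell
#!/bin/sh
# Added example: validate an edited ruleset before it replaces the live one.
# IPF, safe_reload and --apply are names made up for this example.
IPF=${IPF:-/usr/sbin/ipf}

safe_reload() {
    rules=${1:-/etc/ipf/ipf.conf}

    # Refuse a missing or empty file: loading it would replace the
    # current ruleset with nothing.
    if [ ! -s "$rules" ]; then
        echo "safe_reload: $rules is missing or empty" >&2
        return 2
    fi

    # -n parses the file without changing anything in the kernel, so a
    # syntax error is caught while the old rules are still in force.
    # Assumption: ipf exits non-zero when the file does not parse.
    if ! "$IPF" -n -f "$rules" >/dev/null 2>&1; then
        echo "safe_reload: syntax check failed for $rules" >&2
        return 3
    fi

    # Build the new set in the inactive list (-I), then swap it with
    # the active list (-s). The active rules are never flushed, so
    # there is no window in which traffic passes unfiltered.
    "$IPF" -I -Fa -f "$rules" || return 4
    "$IPF" -s || return 5
}

# Run as: sh safe_reload.sh --apply [rules-file]
if [ "${1:-}" = "--apply" ]; then
    safe_reload "${2:-/etc/ipf/ipf.conf}"
fi
```

A non-zero return means the running ruleset was left untouched, except for code 5, where the new rules sit in the inactive list and the swap did not happen.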
