anyone with experience with IP Filter on Solaris?


Post by Mark Parke » Sun, 16 Sep 2001 08:19:11



I'm needing a firewall and wonder if anyone has anything to say about IP
Filter on a Solaris box, good or bad.

-mark

 
 
 


Post by Count Zero Interru » Sun, 16 Sep 2001 13:59:34




>I'm needing a firewall and wonder if anyone has anything to say about IP
>Filter on a Solaris box, good or bad.

I run it on both Solaris 2.6 (v3.3.8) and Solaris 2.8 (v3.4.20) at two
different sites.

For a long while it was the only firewall I used between myself and
the internet (eventually I bought Linksys and Barricade boxes -- this
was cheaper than buying an extra NIC for a Sun).  I now run ipfilter
internally mainly as an extra precaution, to check that nothing
untoward gets past the hardware firewalls.

The Solaris 8 version was an unexpected pain in the ass because it
requires a 64 bit compiler (which you have to download from Sun, and
it's quite large. Luckily it comes with a 30 day free demo license. If
you need to make code changes after 30 days then I guess you're just
SOL).

As usual, the most difficult part is to make sure your configuration
is watertight (an issue shared by most firewalls). It helps to keep
the config simple. The only incoming service I allow is ssh, and then
only from certain source addresses.

I tried various port scanning web sites: ipfilter seemed to keep them
all out and allowed me to stealth my boxes. It doesn't appear to
impact download speeds at all, at least up to 1Mb/sec. which is the
fastest transfer I've done on my LAN.

HTH,

Bobby.
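
A minimal ipf.conf for the policy described in the post above (default deny inbound, ssh only from selected sources), added here as an illustration; it is not the poster's actual ruleset. The interface name hme0 and all addresses are assumed placeholders.

```conf
# Constructed example ruleset; hme0 and all addresses are placeholders.
# IP Filter applies the LAST matching rule unless a rule says "quick".

# Default: silently drop and log everything inbound. A plain "block"
# sends no RST or ICMP error, so a scanner gets no answer at all.
block in log on hme0 all

# Drop packets carrying IP options and fragments too short to inspect.
block in log quick on hme0 from any to any with ipopts
block in log quick on hme0 proto tcp from any to any with short

# Inbound ssh, only from the listed sources. "flags S" matches just the
# connection-opening SYN; "keep state" admits the rest of that session.
pass in quick on hme0 proto tcp from 192.0.2.10/32 to any port = 22 flags S keep state
pass in quick on hme0 proto tcp from 198.51.100.0/24 to any port = 22 flags S keep state

# Outbound traffic from this host, tracked so that replies are accepted
# without opening any further inbound rules.
pass out quick on hme0 proto tcp from any to any flags S keep state
pass out quick on hme0 proto udp from any to any keep state
pass out quick on hme0 proto icmp from any to any keep state
```

Load the file with `ipf -Fa -f <file>` and confirm what is active with `ipfstat -io`.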

 
 
 


Post by pe.. » Sun, 16 Sep 2001 17:28:10



> I'm needing a firewall and wonder if anyone has anything to say about IP
> Filter on a Solaris box, good or bad.

ipfilter yes, Solaris box, maybe (if you have it for free, and also have
Sun's compiler for free. If not, it's much more cost-efficient to
get an Intel system and an OpenBSD CD kit)

/PS
in my opinion Sun is shooting themselves in the foot by not distributing
their C compiler "for free" with their OS.
/DS

> -mark

--
Peter H?kanson        
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but I'm trying to keep spam out.
           Remove "icke-reklam" and "invalid" and it works.
 
 
 


Post by Dennis Grevenstei » Tue, 18 Sep 2001 02:13:52


Hi,


> I'm needing a firewall and wonder if anyone has anything to say about IP
> Filter on a Solaris box, good or bad.

I have used ipfilter on Solaris 7 and 8 and I can say that it's a very
good firewall toolkit. In fact I prefer ipfilter to a Linux-based
firewall. It's very reliable and does not require many resources.
There are a lot of example configurations available too, so it should
be relatively easy to build up a secure firewall.

HTH
Dennis

--
Cats are smarter than dogs.  You can't make eight cats pull a sled through
the snow.

 
 
 


Post by Mark Parke » Wed, 19 Sep 2001 00:01:59


Thanks for all the info. Sounds like a general yes so I'm going to put it on
a box and see how things go.

-mark


> I'm needing a firewall and wonder if anyone has anything to say about IP
> Filter on a Solaris box, good or bad.

> -mark

 
 
 
