diff options
| author | Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org> | 2016-02-21 18:17:04 +0100 |
|---|---|---|
| committer | Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org> | 2016-05-01 22:04:40 +0200 |
| commit | 2bd8b3545dceb97f56401b7ad2a327e08d520574 (patch) | |
| tree | 399223abbc8f40d05799c59470bfb7a28882e05a /usr/src/cmd/ipf | |
| parent | d14b1d19b404dcc4795d8a76751a186717a0ddaa (diff) | |
| download | illumos-joyent-2bd8b3545dceb97f56401b7ad2a327e08d520574.tar.gz | |
6881 SMF ipfilter tries to unload module in zones
6882 SMF ipfilter lacks a property for a IPv6 custom policy file
6884 SMF ipfilter tuple_get_port needs to remove backslashes
Reviewed by: Cody Mello <melloc@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Diffstat (limited to 'usr/src/cmd/ipf')
| -rw-r--r-- | usr/src/cmd/ipf/svc/ipfilter | 2 | ||||
| -rw-r--r-- | usr/src/cmd/ipf/svc/ipfilter.xml | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/usr/src/cmd/ipf/svc/ipfilter b/usr/src/cmd/ipf/svc/ipfilter index 2e6f2189f6..48e3e2e915 100644 --- a/usr/src/cmd/ipf/svc/ipfilter +++ b/usr/src/cmd/ipf/svc/ipfilter @@ -214,7 +214,7 @@ case "$1" in fi ipf -D - [ -n "$ipfid" ] && modunload -i $ipfid + [ "$zone" = "global" -a -n "$ipfid" ] && modunload -i $ipfid ;; pause) diff --git a/usr/src/cmd/ipf/svc/ipfilter.xml b/usr/src/cmd/ipf/svc/ipfilter.xml index e4a70405c1..5f088f5344 100644 --- a/usr/src/cmd/ipf/svc/ipfilter.xml +++ b/usr/src/cmd/ipf/svc/ipfilter.xml @@ -106,7 +106,10 @@ <propval name='policy' type='astring' value='none' /> <propval name='block_policy' type='astring' value='none' /> - <propval name='custom_policy_file' type='astring' value='' /> + <propval name='custom_policy_file' type='astring' + value='/etc/ipf/ipf.conf' /> + <propval name='custom_policy_file_6' type='astring' + value='/etc/ipf/ipf6.conf' /> <propval name='apply_to' type='astring' value='' /> <propval name='apply_to_6' type='astring' value='' /> <propval name='exceptions' type='astring' value='' /> |