How to remove this ipf rule?
in [Solaris]
|
Prev: Inter-Zone Networking
Next: cron
From: Mr. Chow Wing Siu on 8 Jul 2010 14:20 Hi, I use script to insert/remove ipf fules: echo "pass in quick on bnx0 proto tcp from any to 192.168.0.1/32 port = 80 flags S/FSRPAU keep state keep frags" | /usr/sbin/ipf -r -f - echo "pass in quick on bnx0 proto tcp from any to 192.168.0.1/32 port = 80 flags S/FSRPAU keep state keep frags" | /usr/sbin/ipf -f - However I find that these two lines cannot be run normally. Do you have any idea? Thanks. -- Johnson Chow
From: Oscar del Rio on 8 Jul 2010 17:56 On 07/ 8/10 02:20 PM, Mr. Chow Wing Siu wrote: > I use script to insert/remove ipf fules: > > echo "pass in quick on bnx0 proto tcp from any to 192.168.0.1/32 port = 80 flags S/FSRPAU keep state keep frags" | /usr/sbin/ipf -r -f - > echo "pass in quick on bnx0 proto tcp from any to 192.168.0.1/32 port = 80 flags S/FSRPAU keep state keep frags" | /usr/sbin/ipf -f - > > However I find that these two lines cannot be run normally. Don't know what you mean by "cannot be run normally". Any errors? I usually use the format of "ipfstat -ion" ('n' option to show rule numbers) and feed the same format into ipf echo "@10 pass in quick etc etc" | ipf -f -
From: Mr. Chow Wing Siu on 8 Jul 2010 20:59 Oscar del Rio <delrio(a)mie.utoronto.ca> wrote: > On 07/ 8/10 02:20 PM, Mr. Chow Wing Siu wrote: > > I use script to insert/remove ipf fules: > > > > echo "pass in quick on bnx0 proto tcp from any to 192.168.0.1/32 port = 80 flags S/FSRPAU keep state keep frags" | /usr/sbin/ipf -r -f - > > echo "pass in quick on bnx0 proto tcp from any to 192.168.0.1/32 port = 80 flags S/FSRPAU keep state keep frags" | /usr/sbin/ipf -f - > > > > However I find that these two lines cannot be run normally. > Don't know what you mean by "cannot be run normally". Any errors? > I usually use the format of "ipfstat -ion" ('n' option to show rule > numbers) and feed the same format into ipf > echo "@10 pass in quick etc etc" | ipf -f - -------------------------------------------------------- What exactly is: echo "pass in quick on bnx0 proto tcp from any to 192.168.0.1/32 port = 80 flags S/FSRPAU keep state keep frags" | /usr/sbin/ipf -r -f - cannot be *****removed normally***** from the internal list. Your suggestion cannot work too. echo "@36 pass in quick on bnx0 proto tcp from any to 192.168.0.1/32 port = 80 flags S/FSRPAU keep state keep frags" | /usr/sbin/ipf -r -f - -- Johnson Chow
|
Pages: 1 Prev: Inter-Zone Networking Next: cron |