Packet Filter bundled in the upcoming Oracle® Solaris 11.4

Oracle Solaris 11.4 includes the OpenBSD Packet Filter (PF) firewall for filtering TCP/IP traffic. PF firewall is a replacement to the IP Filter (IPF) in Oracle Solaris 11.4, enabling both bandwidth management and packet prioritization.

To use the PF firewall, install the pkg:/network/firewall package and enable the svc:/network/firewall:default service instance

PF includes the pflogd feature, a packet logging daemon that safely saves packets logged by the PF firewall. These packets are available from a capture datalink. The daemon reads packets from this datalink and stores them into a file. For more information, see the pflogd(8) man page.

PF supports ftp-proxy, a semi-transparent proxy for FTP, supporting IPv4 NAT. Systems running the PF firewall for NAT can use the ftp-proxy to allow FTP connections to pass through the firewall. For more information, see the ftp-proxy(8) man page.

For more information, see Chapter 3, "Oracle Solaris Firewall" in Securing the Network in Oracle Solaris 11.4 and the pfctl(8), pf.conf(7), and pf.os(7) man pages.

Read the entire article on the Oracle® Solaris 11.4 upcoming features (PDF).