Packet Filter bundled in the upcoming Oracle Solaris 11.4

Oracle Solaris 11.4 includes the OpenBSD Packet Filter (PF) firewall for filtering TCP/IP traffic. The PF firewall replaces IP Filter (IPF) in Oracle Solaris 11.4 and enables both bandwidth management and packet prioritization.

To use the PF firewall, install the pkg:/network/firewall package and enable the svc:/network/firewall:default service.

Note: Make sure you configure the firewall before enabling the service. The default configuration puts the service into a degraded state. In the degraded state, the firewall blocks all inbound sessions except ssh; outbound sessions are allowed.
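
A minimal ruleset in pf.conf(7) syntax to have in place before enabling the service, as an added example that is not taken from Oracle's documentation. It makes the policy described in the note explicit (inbound blocked except ssh, outbound allowed), narrows ssh to an assumed admin network, and logs packets so that pflogd can save them; the table name and the addresses are constructed.

```pf
# Constructed example ruleset; the table name and addresses are assumptions.
# 192.0.2.0/24 is a documentation range standing in for an admin network.
table <admin_hosts> { 192.0.2.0/24 }

# Do not filter traffic on the loopback interface.
set skip on lo0

# Default policy: drop and log every inbound packet that no later rule passes.
# In PF the last matching rule decides, so this rule comes first.
block in log all

# Outbound sessions are allowed; PF keeps state, so replies are admitted.
pass out all

# Inbound ssh only, restricted to the admin network, and logged.
pass in log proto tcp from <admin_hosts> to any port 22
```

Running `pfctl -n -f` on the file parses the ruleset without loading it, which catches syntax errors before the service is enabled.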

PF includes the pflogd feature, a packet logging daemon that safely saves packets logged by the PF firewall. These packets are available from a capture datalink. The daemon reads packets from this datalink and stores them in a file. For more information, see the pflogd(8) man page.

PF supports ftp-proxy, a semi-transparent proxy for FTP, supporting IPv4 NAT. Systems running the PF firewall for NAT can use the ftp-proxy to allow FTP connections to pass through the firewall. For more information, see the ftp-proxy(8) man page.

For more information, see Chapter 3, "Oracle Solaris Firewall" in Securing the Network in Oracle Solaris 11.4 and the pfctl(8), pf.conf(7), and pf.os(7) man pages.

Read the entire article on the Oracle Solaris 11.4 upcoming features (PDF).