Solaris IP Filtering

Solaris IP Filter integrates the open source IP Filter software into Solaris 10. IP Filter provides stateful packet filtering capabilities and can filter packets by IP address or network, port, protocol, network interface, and traffic direction. In addition, it also has the ability to perform network address translation (NAT) and port address translation (PAT). IP Filter supports both IPv4 and IPv6, and is configured using a simple firewall rules policy language. Information and examples on the syntax of the policy language can be found in ipf(4).

IP Filter can be enabled using the SMF service svc:/network/ipfilter:default or ipfilter, for short:

# svcs ipfilter
STATE          STIME     FMRI
disabled       Sep_16    svc:/network/ipfilter:default
# svcadm enable -r ipfilter
# svcs ipfilter
STATE          STIME     FMRI
online         14:39:44  svc:/network/ipfilter:default

By default, the IP Filter configuration is stored in /etc/ipf/ipf.conf. Using the ipfstat(1M) command, the list of incoming and outgoing rules being enforced can be displayed:

# ipfstat -io
pass out quick all keep state keep frags
block in quick from any to any port = 137
block in quick from any to any port = 138
block in quick from any to any port = 139
pass in quick proto udp from any to any port = ike
pass in quick proto udp from any to any port = 4500
pass in quick proto esp from any to any
pass in log quick proto tcp from to any port = ssh
block in log all
block in from any to
block in from any to

The example shown above illustrates an example IP Filter rule set that could be used on a desktop or laptop since it does not restrict outbound communication but blocks nearly everything attempting to communicate to the system. The above example also includes support for IPsec/IKE and incoming Secure Shell (from a specific network). The ipfstat(1M) command can also be used to collect valuable information and statistics regarding how IP Filter is functioning.

IP Filter can logs information to the syslog facility. The following example illustrates a blocked telnet connection attempt from to

Sep 18 14:47:50 blackhole ipmon[7237]: [ID 702911 local0.warning]
14:47:50.075431 ip.tun0 @0:12 b,52854 ->,23 PR tcp
len 20 52 -S IN


For more information on IP Filter, see: