Subject: Re: admin script for ipfilter
To: Martin Husemann <martin@duskware.de>
From: Darren Reed <darrenr@NetBSD.org>
List: tech-userlevel
Date: 12/27/2006 00:43:40
On Wed, Dec 27, 2006 at 01:09:30AM +0100, Martin Husemann wrote:
> On Wed, Dec 27, 2006 at 12:04:47AM +0000, Darren Reed wrote:
> > What I hope is of more interest is doing "ipfadm ipfilter status",
> > where it will tell you if it is enabled, disabled, enabled but no rules,
> > or disabled but rules loaded.
> 
> You mean like:
> 
> [~] root@setting-sun > /etc/rc.d/ipfilter status
> ipf: IP Filter: v4.1.13 (480)
> Kernel: IP Filter: v4.1.13              
> Running: yes
> Log Flags: 0 = none set
> Default: pass all, Logging: available
> Active list: 0
> Feature mask: 0xa
> [~] root@setting-sun > 

No.

That doesn't tell me if it should be enabled or if rules are loaded
and active, e.g. if I start ipmon now and do "ipfadm status", I see:

ipfilter disabled
ipfs disabled
ipmon disabled-but-running
ipnat disabled

....but some more work is needed too...

If it was "Running: no" above, then the idea is to have it return:
ipfilter enabled-not-running

or if it isn't built into the kernel:
ipfilter enabled-not-in-kernel

...the object being to reconcile and report what is in the rc.conf
config vs what is in the kernel (if anything).

Darren
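The reconciliation Darren describes, as an added illustration that is not his ipfadm script: read the intended state from an rc.conf-style file, read the kernel state from "ipf -V"-style output (the format Martin pasted), and print a status word in the thread's vocabulary. It assumes a missing or empty "Kernel:" line means IP Filter is not built into the kernel, and handles only the ipfilter entry, not ipfs, ipmon or ipnat.

```shell
#!/bin/sh
# Added example, not Darren's ipfadm: reconcile rc.conf's ipfilter= setting
# with the kernel state parsed from "ipf -V"-style output and print a status
# word in the thread's style. Assumption: a missing or empty "Kernel:" line
# means IP Filter is not built into the kernel.

# rc_setting FILE VAR: print YES or NO for VAR in an rc.conf-style file.
# The last assignment wins; quotes and trailing comments are ignored.
rc_setting() {
    val=$(grep "^[[:space:]]*$2=" "$1" | tail -n 1 \
          | sed -e 's/^[^=]*=//' -e 's/#.*//' | tr -d "\"' \t")
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) echo YES ;;
        *) echo NO ;;
    esac
}

# ipf_status RCCONF IPFV: combine the rc.conf intent with the "Kernel:" and
# "Running:" lines of IPFV (a file holding captured ipf -V output).
ipf_status() {
    want=$(rc_setting "$1" ipfilter)
    kernel=$(sed -n 's/^Kernel:[[:space:]]*//p' "$2" | tr -d '[:space:]')
    running=$(sed -n 's/^Running:[[:space:]]*//p' "$2" | tr -d '[:space:]')
    if [ "$want" = YES ]; then
        if [ -z "$kernel" ]; then echo enabled-not-in-kernel
        elif [ "$running" = yes ]; then echo enabled
        else echo enabled-not-running
        fi
    elif [ "$running" = yes ]; then echo disabled-but-running
    else echo disabled
    fi
}

# Constructed sample inputs (not real system files).
work=$(mktemp -d)
printf 'ipfilter=YES\nipmon=NO\n' > "$work/rc.conf.enabled"
printf 'ipfilter="NO"   # turned off\n' > "$work/rc.conf.disabled"
printf 'ipf: IP Filter: v4.1.13 (480)\nKernel: IP Filter: v4.1.13\nRunning: yes\n' > "$work/ipfV.running"
printf 'ipf: IP Filter: v4.1.13 (480)\nKernel: IP Filter: v4.1.13\nRunning: no\n' > "$work/ipfV.stopped"
printf 'ipf: IP Filter: v4.1.13 (480)\n' > "$work/ipfV.nokernel"

for rc in enabled disabled; do
    for k in running stopped nokernel; do
        printf 'rc.conf %-8s kernel %-9s -> %s\n' "$rc" "$k" \
            "$(ipf_status "$work/rc.conf.$rc" "$work/ipfV.$k")"
    done
done
rm -rf "$work"
```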