Subject: Re: admin script for ipfilter
To: Martin Husemann <>
From: Darren Reed <>
List: tech-userlevel
Date: 12/27/2006 00:43:40
On Wed, Dec 27, 2006 at 01:09:30AM +0100, Martin Husemann wrote:
> On Wed, Dec 27, 2006 at 12:04:47AM +0000, Darren Reed wrote:
> > What I hope is of more interest is doing "ipfadm ipfilter status",
> > where it will tell you if it is enabled, disabled, enabled but no rules,
> > or disabled but rules loaded.
> You mean like:
> [~] root@setting-sun > /etc/rc.d/ipfilter status
> ipf: IP Filter: v4.1.13 (480)
> Kernel: IP Filter: v4.1.13              
> Running: yes
> Log Flags: 0 = none set
> Default: pass all, Logging: available
> Active list: 0
> Feature mask: 0xa
> [~] root@setting-sun > 


That doesn't tell me if it should be enabled or if rules are loaded
and active, eg if I start ipmon now and do "ipfadm status", I see:

ipfilter disabled
ipfs disabled
ipmon disabled-but-running
ipnat disabled

....but some more work is needed too...

If it was "Running: no" above, then the idea is to have it return:
ipfilter enabled-not-running

or if it isn't built into the kernel:
ipfilter enabled-not-in-kernel

...the object being to reconcile and report what is in the rc.conf
config vs what is in the kernel (if anything.)