Introduction to Solaris IP Filter
Solaris IP Filter replaces the SunScreenTM firewall as the firewall software for the
Solaris Operating System (Solaris OS). Like the SunScreen firewall, Solaris IP Filter provides
stateful packet filtering and network address translation (NAT). Solaris IP Filter also includes
stateless packet filtering and the ability to create and manage address pools.
Packet filtering provides basic protection against network-based attacks. Solaris IP Filter can filter
by IP address, port, protocol, network interface, and traffic direction. Solaris IP Filter
can also filter by an individual source IP address, a destination IP address,
by a range of IP addresses, or by address pools.
Solaris IP Filter is derived from open source IP Filter software. To view
license terms, attribution, and copyright statements for open source IP Filter, the default
path is /usr/lib/ipf/IPFILTER.LICENCE. If the Solaris OS has been installed anywhere other than
the default, modify the given path to access the file at the installed
location.
Information Sources for Open Source IP Filter
The home page for the open source IP Filter software by Darren
Reed is found at https://coombs.anu.edu.au/~avalon/ip-filter.html. This site includes information for open source IP
Filter, including a link to a tutorial entitled “IP Filter Based Firewalls HOWTO” (Brendan
Conoboy and Erik Fichtner, 2002). This tutorial provides step-by-step instructions for building firewalls
in a BSD UNIX environment. Although written for a BSD UNIX environment, the
tutorial is also relevant for the configuration of Solaris IP Filter.
