IPTables for Sun Solaris

IPTables for Sun Solaris

[Ruiyuan Jiang]

Hi, all

I am new to the list. I just downloaded iptables-1.3.3. From INSTALL
file, it seems IPTables only supports Linux. I have Solaris 10 for
SPARC. Does IPTables support Solaris and HP-UX, etc.? Thanks.


Ryan

Re: IPTables for Sun Solaris

[Toby DiPasquale]

On 8/9/05, Ruiyuan Jiang <Ruiyuan_Jiang@liz.com> wrote:
> I am new to the list. I just downloaded iptables-1.3.3. From INSTALL
> file, it seems IPTables only supports Linux. I have Solaris 10 for
> SPARC. Does IPTables support Solaris and HP-UX, etc.? Thanks.

No, iptables can only be used with Linux because it relies on the
netfilter framework in the Linux kernel. Solaris' kernel lacks
netfilter, therefore it cannot make use of iptables. You might be able
to get a command-line tool with the same interface as iptables for
Solaris, however; look around.

-- 
Toby DiPasquale
0x636f6465736c696e67657240676d61696c2e636f6d

Re: IPTables for Sun Solaris

[Tim Evans]

On Thu, 11 Aug 2005 08:22:33 -0400, Toby DiPasquale wrote

> No, iptables can only be used with Linux because it relies on the
> netfilter framework in the Linux kernel. Solaris' kernel lacks
> netfilter, therefore it cannot make use of iptables. You might be 
> able to get a command-line tool with the same interface as iptables for
> Solaris, however; look around.

Recent Solaris versions include 'ipfilter'.  Main site for ipfilter is
http://www.ipfilter.org/




--
Tim Evans, TKEvans.com, Inc.    |    5 Chestnut Court
tkevans@tkevans.com             |    Owings Mills, MD 21117
http://www.tkevans.com/         |    443-394-3864
http://www.come-here.com/News/  |    

Re: IPTables for Sun Solaris

[Toby DiPasquale]

On 8/11/05, Tim Evans <tkevans@tkevans.com> wrote:
> Recent Solaris versions include 'ipfilter'.  Main site for ipfilter is
> http://www.ipfilter.org/

Actually, this site doesn't exist. The main site for IP Filter is here:

http://coombs.anu.edu.au/~avalon/

-- 
Toby DiPasquale
0x636f6465736c696e67657240676d61696c2e636f6d

Re: IPTables for Sun Solaris

[Tim Evans]

On Thu, 11 Aug 2005 17:07:22 -0400 (EDT), R. DuFresne wrote

> Can we say sunscreen?  Of course IPF and IPFW seem to port well to 
> the SUN/Solaris envs...

In fact, Solaris 10 includes ipfilter if you do a full isntall; sunscreen is
*so* 2002.


--
Tim Evans, TKEvans.com, Inc.    |    5 Chestnut Court
tkevans@tkevans.com             |    Owings Mills, MD 21117
http://www.tkevans.com/         |    443-394-3864
http://www.come-here.com/News/  |    

Re: IPTables for Sun Solaris

[R. DuFresne]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Can we say sunscreen?  Of course IPF and IPFW seem to port well to the 
SUN/Solaris envs...


Thanks,

Ron DuFresne

On Thu, 11 Aug 2005, Toby DiPasquale wrote:

> On 8/9/05, Ruiyuan Jiang <Ruiyuan_Jiang@liz.com> wrote:
>> I am new to the list. I just downloaded iptables-1.3.3. From INSTALL
>> file, it seems IPTables only supports Linux. I have Solaris 10 for
>> SPARC. Does IPTables support Solaris and HP-UX, etc.? Thanks.
>
> No, iptables can only be used with Linux because it relies on the
> netfilter framework in the Linux kernel. Solaris' kernel lacks
> netfilter, therefore it cannot make use of iptables. You might be able
> to get a command-line tool with the same interface as iptables for
> Solaris, however; look around.
>
> --
> Toby DiPasquale
> 0x636f6465736c696e67657240676d61696c2e636f6d
>
>

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant:  sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+74Nst+vzJSwZikRAqCMAKDPv24C0PQPXMnSr+GADF5dXbfr6QCfVXnP
/Dfepb21HrjU7TuXsDoYiog=
=rrcI
-----END PGP SIGNATURE-----

RE: IPTables for Sun Solaris

[Ruiyuan Jiang]

So Tim, does ipfilter satisfy all the Snort_inline requirement? I mean
can I install it on Solaris 10? Thanks.

Ryan 

-----Original Message-----
From: Tim Evans [mailto:tkevans@tkevans.com] 
Sent: Thursday, August 11, 2005 5:02 PM
To: R. DuFresne; Toby DiPasquale
Cc: netfilter@lists.netfilter.org; Ruiyuan Jiang
Subject: Re: IPTables for Sun Solaris

On Thu, 11 Aug 2005 17:07:22 -0400 (EDT), R. DuFresne wrote

> Can we say sunscreen?  Of course IPF and IPFW seem to port well to the

> SUN/Solaris envs...

In fact, Solaris 10 includes ipfilter if you do a full isntall;
sunscreen is
*so* 2002.


--
Tim Evans, TKEvans.com, Inc.    |    5 Chestnut Court
tkevans@tkevans.com             |    Owings Mills, MD 21117
http://www.tkevans.com/         |    443-394-3864
http://www.come-here.com/News/  |    

RE: IPTables for Sun Solaris

[Tim Evans]

>So Tim, does ipfilter satisfy all the Snort_inline requirement? I mean
>can I install it on Solaris 10? Thanks.

If you did a full Solaris 10 install, you already have it.  If not, it's on the 
Solaris CD's

$ uname -a
SunOS osprey 5.10 Generic_118822-08 sun4u sparc SUNW,Sun-Blade-1500

$ uname -a
SunOS osprey 5.10 Generic_118822-08 sun4u sparc SUNW,Sun-Blade-1500

$ pkginfo | grep "IP Filter"
system      SUNWipfr                         IP Filter utilities, (Root)
system      SUNWipfu                         IP Filter utilities, (Usr)
--
Tim Evans, TKEvans.com, Inc.	|    5 Chestnut Court
tkevans@tkevans.com		|    Owings Mills, MD 21117
http://www.tkevans.com/		|    443-394-3864
http://www.come-here.com/News/	|    

RE: IPTables for Sun Solaris

[Ruiyuan Jiang]

Does IP Filter contains "libipq library that allows snort_inline to
interface with iptables. Also, you must build and install LibNet, which
is available from http://www.packetfactory.net."? 

I don't think I installed IP Filter on Solari 10 but I can install it no
problem. Once I installed IP Filter, if I follow the rest instruction to
install snort_inline, will it work? Thanks, Tim.

Ryan 

-----Original Message-----
From: Tim Evans [mailto:tkevans@tkevans.com] 
Sent: Thursday, August 11, 2005 5:57 PM
To: tkevans@tkevans.com; dufresne@sysinfo.com; codeslinger@gmail.com;
Ruiyuan Jiang
Cc: netfilter@lists.netfilter.org
Subject: RE: IPTables for Sun Solaris


>So Tim, does ipfilter satisfy all the Snort_inline requirement? I mean 
>can I install it on Solaris 10? Thanks.

If you did a full Solaris 10 install, you already have it.  If not, it's
on the Solaris CD's

$ uname -a
SunOS osprey 5.10 Generic_118822-08 sun4u sparc SUNW,Sun-Blade-1500

$ uname -a
SunOS osprey 5.10 Generic_118822-08 sun4u sparc SUNW,Sun-Blade-1500

$ pkginfo | grep "IP Filter"
system      SUNWipfr                         IP Filter utilities, (Root)
system      SUNWipfu                         IP Filter utilities, (Usr)
--
Tim Evans, TKEvans.com, Inc.	|    5 Chestnut Court
tkevans@tkevans.com		|    Owings Mills, MD 21117
http://www.tkevans.com/		|    443-394-3864
http://www.come-here.com/News/	|    

RE: IPTables for Sun Solaris

[Tim Evans]

>Does IP Filter contains "libipq library that allows snort_inline to
>interface with iptables. Also, you must build and install LibNet, which
>is available from http://www.packetfactory.net."? 
>
>I don't think I installed IP Filter on Solari 10 but I can install it no
>problem. Once I installed IP Filter, if I follow the rest instruction to
>install snort_inline, will it work? Thanks, Tim.

It does not appear libipq is included.

(I don't use ipfilter on Solaris 10; I just happened to remember that it is 
included--and is a supported Sun package.)
--
Tim Evans, TKEvans.com, Inc.	|    5 Chestnut Court
tkevans@tkevans.com		|    Owings Mills, MD 21117
http://www.tkevans.com/		|    443-394-3864
http://www.come-here.com/News/	|    

RE: IPTables for Sun Solaris

[Tim Evans]

On Thu, 11 Aug 2005 18:03:31 -0400, Ruiyuan Jiang wrote
> Does IP Filter contains "libipq library that allows snort_inline to
> interface with iptables. Also, you must build and install LibNet, which
> is available from http://www.packetfactory.net."? 
> 
> I don't think I installed IP Filter on Solari 10 but I can install 
> it no problem. Once I installed IP Filter, if I follow the rest 
> instruction to install snort_inline, will it work? Thanks, Tim.

As I suggested earlier, I can't say.  I don't use ipfilter, nor snort, nor do
I work for Sun Microsystems.
--
Tim Evans, TKEvans.com, Inc.    |    5 Chestnut Court
tkevans@tkevans.com             |    Owings Mills, MD 21117
http://www.tkevans.com/         |    443-394-3864
http://www.come-here.com/News/  |