SmartMachines include Crossbow networking and access to the virtual NIC by default, so you have full control over the networking stack of your machine.
You can assign IPFilter rules that restrict communication between services and your SmartMachine, making it easier for your SmartMachines to pass security audits. For example, you can set up rules that only allow SSH from your static IP or from a block of IPs in use by your ISP.
The following briefly describes how to assign IPFilter rules to your SmartMachine.
Note: More information on using IPF can be found in the Oracle IPF documentation.
Note: The IPfilter process runs under the Service Management Facility (SMF).
IPfilter is disabled by default. Use svcadm to enable, disable, start or stop the service; the SMF instance is svc:/network/ipfilter:default. For initial setup of the service:
Use restart to restart the service:
Use this to check the status of the service. Notice the use of grep:
IPfilter rules are contained in /etc/ipf/ipf.conf:
- src.ip.addr specifies the source address (the value after from).
- dest.ip.addr specifies the destination address (the value after to).
Add proto tcp to match only TCP. Without a proto clause a rule matches every protocol (TCP, UDP, ICMP and the rest), not just TCP and UDP.
Ranges can be used in any rule: write x.x.x.x/xx (CIDR notation) in place of a single IP.
Rules are evaluated in order and the last matching rule wins unless a rule carries the quick keyword, which stops evaluation at that rule.
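The procedure above (write the rules to /etc/ipf/ipf.conf, enable the service with svcadm, check what is loaded) as one script. This is an added example, not Joyent's code or anything from the original page; the administrative range 203.0.113.0/24 is a constructed placeholder, HTTPS is assumed to be the only public service, and the SMF instance name svc:/network/ipfilter:default, the inactive-set swap with ipf -I/-s and ipfstat -io are standard Solaris IPFilter usage rather than something the page states.

```shell
#!/bin/sh
# Added example (not Joyent's code): build an /etc/ipf/ipf.conf that admits
# SSH only from an administrative range, then load it through SMF and ipf.
# Assumptions: 203.0.113.0/24 is a constructed admin range, HTTPS is the only
# public service, and the SMF instance is svc:/network/ipfilter:default.

# Accept a dotted quad with an optional /prefix. A mistyped admin range in
# the SSH rule locks you out, so refuse anything that is not an IPv4 CIDR.
valid_cidr() {
    addr=${1%/*}
    pfx=${1#*/}
    [ "$pfx" = "$1" ] && pfx=32                      # no slash: single host
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs    # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Write the rule set for admin range $1 to $2 (default /etc/ipf/ipf.conf).
# Every rule carries quick, so the first match wins and the final block
# catches everything the pass rules did not admit.
gen_rules() {
    admin=$1
    out=${2:-/etc/ipf/ipf.conf}
    valid_cidr "$admin" || { echo "gen_rules: bad admin range '$admin'" >&2; return 1; }
    cat > "$out" <<EOF
# Loopback is unrestricted.
pass in quick on lo0 all
pass out quick on lo0 all
# Outbound traffic is allowed; keep state so replies come back without
# needing an inbound rule of their own.
pass out quick proto tcp from any to any flags S keep state
pass out quick proto udp from any to any keep state
pass out quick proto icmp from any to any keep state
# SSH only from the administrative range; a CIDR works wherever a host does.
pass in quick proto tcp from $admin to any port = 22 flags S keep state
# Public HTTPS.
pass in quick proto tcp from any to any port = 443 flags S keep state
# Everything else inbound is dropped and logged so ipmon can show it.
block in log all
EOF
}

# Enable the SMF instance (a no-op if it is already online; -s waits until it
# is), then load the file into the inactive rule set and swap it in so there
# is never a moment with an empty rule set. Does nothing off SmartOS/Solaris.
apply_rules() {
    conf=${1:-/etc/ipf/ipf.conf}
    command -v svcadm >/dev/null 2>&1 || { echo "apply_rules: no svcadm, nothing applied" >&2; return 0; }
    svcadm enable -s svc:/network/ipfilter:default
    ipf -I -Fa -f "$conf" && ipf -s
    ipfstat -io                                      # rules now in force
}

# Usage: sh ipf-setup.sh 203.0.113.0/24
if [ -n "${1:-}" ]; then
    gen_rules "$1" && apply_rules
fi
```

Run it from the console, or arrange a fallback such as a backgrounded `sleep 300 && svcadm disable svc:/network/ipfilter:default` before applying, so a wrong admin range cannot lock you out of SSH permanently.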
You can use this command to test active IP packet filtering:
You can use ipmon to write data to a logfile and then tail the logfile. Only packets that matched a rule carrying the log keyword produce entries:
More information on IPF can be found in the Oracle documentation.