Issue Description
Q: How do you enable the firewall (IP Filter) in Solaris 10 to block a port number?
IP Filter is a great little embedded firewall package in Solaris. It does just about everything other firewalls do.
Handling Process
IPF (IP Filter) is configured through a file (ipf.conf) in which you write rules that block or permit particular subnets and port numbers. The steps to enable IP Filter on Solaris and configure it are as follows:
1. Enable IP Filter on Solaris 10:
#svcadm enable network/ipfilter
2. Verify that the IPF service is enabled:
#svcs
3. Edit the ACL rules in the configuration file /etc/ipf/ipf.conf:
#vi /etc/ipf/ipf.conf
4. As an example, add the following rules to block certain ports (UDP/177, TCP/8080). By default, IP Filter permits everything. Inside ipf.conf a line that starts with # is a comment, so enter the rules without a leading #:
block in quick proto udp from any to any port = 177
block in quick proto tcp from any to any port = 8080
5. Activate the ACL rules on Solaris:
#ipf -f /etc/ipf/ipf.conf
Finally, you will be able to block selected TCP or UDP ports from communicating with the Solaris server.
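As an added example (not part of the original how-to), the shell functions below read an ipf.conf-style file, list the active block rules of the form used in step 4, and report any expected port that has no active rule, for instance because its line is commented out. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ipf.conf-style file for active "block in" port rules.
# Handles the single-protocol, single-port rule form shown in step 4.

# active_blocks FILE -> prints one "proto/port" line per active block rule
active_blocks() {
    awk '
        { sub(/#.*/, "") }              # strip comments; awk re-splits the fields
        $1 == "block" && $2 == "in" {
            proto = ""; port = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "proto") proto = $(i + 1)
                if ($i == "port" && $(i + 1) == "=") port = $(i + 2)
            }
            if (proto != "" && port != "") print proto "/" port
        }
    ' "$1"
}

# missing_blocks FILE proto/port... -> prints each expected entry with no active rule
missing_blocks() {
    conf=$1; shift
    active=$(active_blocks "$conf")
    for want in "$@"; do
        echo "$active" | grep -qx "$want" || echo "$want"
    done
}

# Constructed sample: the UDP rule is commented out, so only TCP/8080 is blocked.
sample_conf() {
cat <<'EOF'
# constructed sample ipf.conf
#block in quick proto udp from any to any port = 177
block in quick proto tcp from any to any port = 8080
EOF
}

tmp=${TMPDIR:-/tmp}/ipf.conf.sample.$$
sample_conf > "$tmp"
missing_blocks "$tmp" udp/177 tcp/8080   # prints udp/177
rm -f "$tmp"
```

On a real host, pass /etc/ipf/ipf.conf as the file argument together with the ports your scan checklist requires to be blocked.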
Suggestions
This how-to is useful for operating systems that must undergo a vulnerability security scan, such as the VA scan checklist required by some operators.