Skip to content

Instantly share code, notes, and snippets.

@jcrugzz
Created September 18, 2012 05:34
Show Gist options
  • Save jcrugzz/3741446 to your computer and use it in GitHub Desktop.
Save jcrugzz/3741446 to your computer and use it in GitHub Desktop.
smartos logs ipfilter
+ SMF_EXIT_MON_OFFLINE=98
+ SMF_EXIT_ERR_NOSMF=99
+ SMF_EXIT_ERR_PERM=100
+ . /lib/svc/share/ipf_include.sh
+ IPFILTER_FMRI=svc:/network/ipfilter:default
+ ETC_IPF_DIR=/etc/ipf
+ /usr/bin/svcprop -p config/ipf6_config_file svc:/network/ipfilter:default
+ 2> /dev/null
+ IP6FILCONF=/etc/ipf/ipf6.conf
+ [ 0 -eq 1 ]
+ /usr/bin/svcprop -p config/ipnat_config_file svc:/network/ipfilter:default
+ 2> /dev/null
+ IPNATCONF=/etc/ipf/ipnat.conf
+ [ 0 -eq 1 ]
+ /usr/bin/svcprop -p config/ippool_config_file svc:/network/ipfilter:default
+ 2> /dev/null
+ IPPOOLCONF=/etc/ipf/ippool.conf
+ [ 0 -eq 1 ]
+ VAR_IPF_DIR=/var/run/ipf
+ IPFILCONF=/var/run/ipf/ipf.conf
+ IPFILOVRCONF=/var/run/ipf/ipf_ovr.conf
+ IPF_LOCK=/var/run/ipflock
+ CONF_FILES=''
+ NAT_FILES=''
+ IPF_SUFFIX=.ipf
+ NAT_SUFFIX=.nat
+ CURRENT_VERSION=1
+ IPF_FMRI=svc:/network/ipfilter:default
+ INETDFMRI=svc:/network/inetd:default
+ RPCBINDFMRI=svc:/network/rpc/bind:default
+ SMF_ONLINE=online
+ SMF_MAINT=maintenance
+ SMF_NONE=none
+ FW_CONTEXT_PG=firewall_context
+ METHOD_PROP=ipf_method
+ FW_CONFIG_PG=firewall_config
+ POLICY_PROP=policy
+ APPLY2_PROP=apply_to
+ EXCEPTIONS_PROP=exceptions
+ FW_CONFIG_DEF_PG=firewall_config_default
+ FW_CONFIG_OVR_PG=firewall_config_override
+ CUSTOM_FILE_PROP=custom_policy_file
+ OPEN_PORTS_PROP=open_ports
+ PREFIX_HOST=host:
+ PREFIX_NET=network:
+ PREFIX_POOL=pool:
+ PREFIX_IF=if:
+ GLOBAL_CONFIG=''
+ GLOBAL_POLICY=''
+ SERVINFO=/usr/lib/servinfo
+ server_port_list=''
+ global_init
+ awk '{$2=" "; print $0}'
+ svcprop -p firewall_config_override -p firewall_config_default svc:/network/ipfilter:default
+ 2> /dev/null
+ GLOBAL_CONFIG=$'firewall_config_default/apply_to ""\nfirewall_config_default/exceptions ""\nfirewall_config_default/open_ports ""\nfirewall_config_default/value_authorization solaris.smf.value.firewall.config\nfirewall_config_default/version 1\nfirewall_config_default/policy custom\nfirewall_config_default/custom_policy_file /etc/ipf/ipf.conf\nfirewall_config_override/apply_to ""\nfirewall_config_override/policy none\nfirewall_config_override/value_authorization solaris.smf.value.firewall.config'
+ global_get_prop_value firewall_config_default policy
+ target_pg=firewall_config_default
+ prop=policy
+ [ firewall_config_default != firewall_config_override -a firewall_config_default != firewall_config_default ]
+ [ firewall_config_default == firewall_config_default ]
+ extra_pg=firewall_config_override
+ awk $'{\n\t\tfound=0\n\t\tfor (i=1; i<=NF; i++) {\n\t\t\tif (found == 1) {\n\t\t\t\tif (index($i, target_pg) == 1 || index($i, extra_pg) == 1)\n\t\t\t\t\tbreak;\n\n\t\t\t\tprint $i;\n\t\t\t}\n\n\t\t\tif (split($i, values, "/") < 2)\n\t\t\t\tcontinue;\n\n\t\t\tif (values[1] == target_pg && values[2] == prop)\n\t\t\t\tfound=1;\n\t\t}\n\t}' target_pg=firewall_config_default prop=policy extra_pg=firewall_config_override
+ echo firewall_config_default/apply_to '""' firewall_config_default/exceptions '""' firewall_config_default/open_ports '""' firewall_config_default/value_authorization solaris.smf.value.firewall.config firewall_config_default/version 1 firewall_config_default/policy custom firewall_config_default/custom_policy_file /etc/ipf/ipf.conf firewall_config_override/apply_to '""' firewall_config_override/policy none firewall_config_override/value_authorization solaris.smf.value.firewall.config
+ value=custom
+ echo custom
+ GLOBAL_POLICY=custom
+ PATH=/usr/sbin:/usr/bin:/usr/sbin:/usr/lib/ipf
+ PIDFILE=/var/run/ipmon.pid
+ PFILCHECKED=no
+ smf_zonename
+ echo dbe54ca7-f0a3-45a7-ad66-e925198c5f5f
+ zone=dbe54ca7-f0a3-45a7-ad66-e925198c5f5f
+ awk '/ipf/ { print $1 } ' -
+ 2> /dev/null
+ /usr/sbin/modinfo
+ 2>& 1
+ ipfid=210
+ [ -f /var/run/ipmon.pid ]
+ pgrep -z dbe54ca7-f0a3-45a7-ad66-e925198c5f5f ipmon
+ pid=''
+ config_get_version
+ svcprop -p firewall_config_default/version svc:/network/ipfilter:default
+ 2> /dev/null
+ ver=1
+ [ 0 -ne 0 -o -z 1 ]
+ echo 1
+ ver=1
+ [ 0 -eq 1 ]
+ [ 1 -ne 1 ]
+ configure_firewall
+ create_global_rules
+ [ custom = custom ]
+ global_get_prop_value firewall_config_default custom_policy_file
+ target_pg=firewall_config_default
+ prop=custom_policy_file
+ [ firewall_config_default != firewall_config_override -a firewall_config_default != firewall_config_default ]
+ [ firewall_config_default == firewall_config_default ]
+ extra_pg=firewall_config_override
+ awk $'{\n\t\tfound=0\n\t\tfor (i=1; i<=NF; i++) {\n\t\t\tif (found == 1) {\n\t\t\t\tif (index($i, target_pg) == 1 || index($i, extra_pg) == 1)\n\t\t\t\t\tbreak;\n\n\t\t\t\tprint $i;\n\t\t\t}\n\n\t\t\tif (split($i, values, "/") < 2)\n\t\t\t\tcontinue;\n\n\t\t\tif (values[1] == target_pg && values[2] == prop)\n\t\t\t\tfound=1;\n\t\t}\n\t}' target_pg=firewall_config_default prop=custom_policy_file extra_pg=firewall_config_override
+ echo firewall_config_default/apply_to '""' firewall_config_default/exceptions '""' firewall_config_default/open_ports '""' firewall_config_default/value_authorization solaris.smf.value.firewall.config firewall_config_default/version 1 firewall_config_default/policy custom firewall_config_default/custom_policy_file /etc/ipf/ipf.conf firewall_config_override/apply_to '""' firewall_config_override/policy none firewall_config_override/value_authorization solaris.smf.value.firewall.config
+ value=/etc/ipf/ipf.conf
+ echo /etc/ipf/ipf.conf
+ file=/etc/ipf/ipf.conf
+ [ -n /etc/ipf/ipf.conf ]
+ custom_set_symlink /etc/ipf/ipf.conf
+ [ ! -f /etc/ipf/ipf.conf ]
+ check_ipf_dir
+ [ -d /var/run/ipf ]
+ return 0
+ rm /var/run/ipf/ipf.conf
+ 1> /dev/null 2>& 1
+ ln -s /etc/ipf/ipf.conf /var/run/ipf/ipf.conf
+ 1> /dev/null 2>& 1
+ return 0
+ create_global_ovr_rules
+ [ custom = custom ]
+ echo $'# \'custom\' global policy'
+ 1> /var/run/ipf/ipf_ovr.conf
+ return 0
+ create_services_rules
+ [ custom = custom ]
+ return 0
+ [ ! -f /var/run/ipf/ipf.conf -a ! -f /etc/ipf/ipnat.conf ]
+ ipf -E
+ load_ippool
+ [ -r /etc/ipf/ippool.conf ]
+ return 0
+ load_ipf
+ bad=0
+ ipf -IFa
+ [ -r /var/run/ipf/ipf_ovr.conf ]
+ ipf -I -f /var/run/ipf/ipf_ovr.conf
+ [ 0 != 0 ]
+ [ -r /var/run/ipf/ipf.conf ]
+ ipf -I -f /var/run/ipf/ipf.conf
syntax error error at ".", line 8
+ [ 1 != 0 ]
+ echo '/lib/svc/method/ipfilter: load of /var/run/ipf/ipf.conf into alternate' 'set failed'
/lib/svc/method/ipfilter: load of /var/run/ipf/ipf.conf into alternate set failed
+ bad=1
+ [ -r /etc/ipf/ipf6.conf ]
+ [ 1 -eq 0 ]
+ echo 'Not switching config due to load error.'
Not switching config due to load error.
+ return 1
+ exit 96
[ Sep 18 05:02:37 Method "start" exited with status 96. ]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment