Block port for all except one specific IP in Solaris 11.4

Hi,

I need to block ssh port 22 from all the servers except one server ip.
In Solaris 11.3 and below, I used to do it like below (under /etc/ipf/ipf.conf), and it worked fine:

pass in quick from $server_ip to any port=22
block in quick from any to any port=22

But I tried almost the same in 11.4 like below (under /etc/firewall/pf.conf), and it's not working:

pass in proto tcp from x.x.x.x to any port = 22
block in proto tcp from any to any port = 22

What am I doing wrong here?

TIA

Basically I cannot tell if you upgraded 11.3 -> 11.4 (the upgrade to PF on 11.4 is "automagic") or you got a new box install of 11.4 and are trying to emulate what you had. Perhaps you can tell us a little about the history and what you did, assuming you need better answers.

Did you run ipf2pf to migrate your old setup to Packet Filter? This could be a problem if it already was migrated by the upgrade.
See documentation:
ipf2pf - man pages section 7: Standards, Environments, Macros, Character Sets, and Miscellany

Blog on problems:
Migrating from IPF to Packet Filter in Solaris 11.4 | Oracle Solaris Blog

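An added example, not part of the thread or of any Oracle tool: a small Python model of PF rule evaluation (the last matching rule decides unless a matching rule carries `quick`), run against the two pf.conf rules from the question as posted, with `quick` restored as in the old ipf.conf, and with the two rules reordered. The addresses are constructed documentation-range stand-ins for x.x.x.x and for any other host, and the model ignores state tracking, interfaces and address families.

```python
import ipaddress
import re

# Simplified model of PF evaluation: rules are checked top to bottom and the
# LAST match decides, unless a matching rule has `quick`, which stops at once.
# Only the rule shape used in the thread is parsed (assumption of this example).
RULE = re.compile(r"(pass|block) in (quick )?proto tcp from (\S+) to any port = (\d+)$")

def parse(ruleset):
    rules = []
    for line in ruleset.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        action, quick, src, port = m.groups()
        net = None if src == "any" else ipaddress.ip_network(src)
        rules.append((action, bool(quick), net, int(port)))
    return rules

def decide(rules, src_ip, dst_port):
    verdict = "pass"  # PF passes a packet that no rule matches
    addr = ipaddress.ip_address(src_ip)
    for action, quick, net, port in rules:
        if port == dst_port and (net is None or addr in net):
            verdict = action
            if quick:
                break  # `quick`: this rule is final, skip the rest
    return verdict

ADMIN = "192.0.2.10"    # constructed stand-in for x.x.x.x
OTHER = "198.51.100.7"  # constructed: any other source host

AS_POSTED = f"""
pass in proto tcp from {ADMIN} to any port = 22
block in proto tcp from any to any port = 22
"""
WITH_QUICK = f"""
pass in quick proto tcp from {ADMIN} to any port = 22
block in quick proto tcp from any to any port = 22
"""
REORDERED = f"""
block in proto tcp from any to any port = 22
pass in proto tcp from {ADMIN} to any port = 22
"""

def results(ruleset):
    """Verdicts for (ADMIN, OTHER) connecting to port 22."""
    return tuple(decide(parse(ruleset), ip, 22) for ip in (ADMIN, OTHER))

if __name__ == "__main__":
    for name, rs in (("as posted", AS_POSTED), ("with quick", WITH_QUICK), ("reordered", REORDERED)):
        print(f"{name:11s} admin={results(rs)[0]} other={results(rs)[1]}")
```

On a real host, `pfctl -n -f /etc/firewall/pf.conf` parses a ruleset without loading it and `pfctl -s rules` lists what is currently active.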