How to fix ipfilter
ignoring ipf.conf
rules
In 2021 I noticed that I could manually aplly /etc/ipf/ipf.conf
rules, but upon a restart of the ipfilter
service they were not loaded.
This is explained somewhat in svc.ipfd(1m)
, as noted in this blog. In summary, by default the rules are expected to be described as SMF properties for the ipfilter
service.
To tell it to intead load /etc/ipf/ipf.conf
(as pointed to by default in another SMF property) we must run:
svccfg -s ipfilter:default setprop firewall_config_default/policy = astring: "custom"