→ Applies to: SynetoOS 4.x
Step 1. Connect to SynetoOS appliance via SSH as admin
ssh admin@<your_ip_address_or_hostname>
Step 2. Remove bash_profile
rm ~admin/.bash_profile
After running the command, log out and log in again.
Step 3. Get root privileges
sudo su -
Step 4 (optional). Check current firewall rules
ipfstat -io
Step 5. Create a custom policy
svccfg -s ipfilter:default setprop firewall_config_default/policy = astring: "custom"
svccfg -s ipfilter:default listprop firewall_config_default/policy
Step 6. Specify the custom policy file
svccfg -s ipfilter:default setprop firewall_config_default/custom_policy_file = astring: "/etc/ipf/ipf.conf"
svccfg -s ipfilter:default listprop firewall_config_default/custom_policy_file
The ipf.conf file contains the firewall rules that will be loaded when the service starts.
Step 7. Apply changes and enable the service
svcadm refresh ipfilter:default
svcadm enable svc:/network/ipfilter:default
Step 8 (optional). Check the service status
svcs -xv svc:/network/ipfilter:default
Step 9 (optional). Verify statistics and blocked packets
ipfstat -io
ipfstat | grep blocked
Step 10. Edit ipf.conf file to add permanent rules
vi /etc/ipf/ipf.conf
EXAMPLE
block in on e1000g0 proto tcp/udp to any port = 22
block in on e1000g0 proto tcp/udp to any port = 443
block in on e1000g0 proto icmp to any
pass in quick on e1000g0 proto tcp/udp from 192.168.1.15/21 to any port = 22
IMPORTANT
The above rules are just a generic example.
Check within your organization which rules need to be uploaded.
Step 11. Restart the service
svcadm disable ipfilter
svcadm refresh ipfilter
svcadm enable ipfilter
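Because the rules are edited and loaded over the same SSH session they filter, it helps to check before Step 11 what a ruleset will do to the address you administer from. The script below is an added example, not part of the original procedure or of Syneto's tooling. The function names ipf_verdict and sample_rules are hypothetical, it understands only the rule shape used in the Step 10 example, and it assumes that a packet matching no rule is passed.

```shell
# ipf_verdict RULES_FILE IFACE PROTO SRC_IP DST_PORT  -> prints "pass" or "block"
# The last matching rule wins unless a matching rule carries "quick".
# Handles only the rule shape of the Step 10 example:
#   block|pass in [quick] on IF proto P [from SRC[/BITS]] to any [port = N]
# Assumption: a packet that matches no rule is passed.
ipf_verdict() {
    awk -v ifc="$2" -v proto="$3" -v src="$4" -v dport="$5" '
    function ip2n(a,  o) {
        split(a, o, "[.]")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_net(ip, net,  p, bits, size) {
        if (net == "any") return 1
        split(net, p, "/"); bits = (p[2] == "") ? 32 : p[2]
        size = 2 ^ (32 - bits)          # addresses covered by the prefix
        return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
    }
    BEGIN { verdict = "pass" }
    { sub(/#.*/, "") }                  # drop comments
    ($1 != "block" && $1 != "pass") || $2 != "in" { next }
    {
        quick = 0; r_if = ""; r_proto = ""; r_src = "any"; r_port = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "quick") quick = 1
            else if ($i == "on") r_if = $(i + 1)
            else if ($i == "proto") r_proto = $(i + 1)
            else if ($i == "from") r_src = $(i + 1)
            else if ($i == "port" && $(i + 1) == "=") r_port = $(i + 2)
        }
        if (r_if != "" && r_if != ifc) next
        if (r_proto != "" && index("/" r_proto "/", "/" proto "/") == 0) next
        if (!in_net(src, r_src)) next
        if (r_port != "" && r_port != dport) next
        verdict = $1
        if (quick) exit
    }
    END { print verdict }
    ' "$1"
}
# The Step 10 example rules, written to stdout for a dry run.
sample_rules() {
    cat <<'EOF'
block in on e1000g0 proto tcp/udp to any port = 22
block in on e1000g0 proto tcp/udp to any port = 443
block in on e1000g0 proto icmp to any
pass in quick on e1000g0 proto tcp/udp from 192.168.1.15/21 to any port = 22
EOF
}
```

After sourcing the script, run ipf_verdict /etc/ipf/ipf.conf e1000g0 tcp <your_admin_ip> 22 and restart the service only if it prints pass.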