Friday, February 6, 2009

Minimal IP Filter rules for OpenSolaris 2008.11

IP Filter is disabled by default on OpenSolaris 2008.11. Edit the following file, then enable ipfilter with 'svcadm enable -r ipfilter'. If the file is modified after ipfilter has been started, 'svcadm refresh ipfilter' may be used to reload the rules.

Here's what I used as a minimal configuration on my workstation:
/etc/ipf/ipf.conf

# Allow all traffic on loopback device lo0
pass in quick on lo0 all
pass out quick on lo0 all

# Actively refuse connections to IDENT port
block return-rst in quick proto tcp to port = 113

# block all other traffic by default unless something below passes
block in log all
block out all

# Allow incoming ping
pass in quick proto icmp from any to any icmp-type 8 code 0 keep state
# Allow incoming ssh
pass in quick proto tcp from any to any port = 22 flags S keep state
# Allow incoming VNC
pass in quick proto tcp from any to any port = 5900 flags S keep state
# Necessary for FTP client to work properly (passive mode); active mode still doesn't work
pass in quick proto tcp from any port = 20 to any port 39999 >< 45000 flags S keep state

# Allow outgoing icmp
pass out quick proto icmp from any to any keep state
# Allow outgoing tcp/udp
pass out quick proto tcp/udp from any to any keep state keep frags
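
A quick way to see what the inbound rules above leave reachable from any remote host, as an added example that is not part of the original post. The helper name ipf_inbound_exposure and its output format are assumptions; it only parses the rule shapes shown above and does not evaluate quick/last-match ordering.

```shell
#!/bin/sh
# Added example, not from the original post. Lists what the inbound
# "pass" rules of an ipf.conf expose to arbitrary remote hosts.

# Constructed sample: the inbound rules from the post above.
SAMPLE_RULES='pass in quick on lo0 all
block return-rst in quick proto tcp to port = 113
block in log all
pass in quick proto icmp from any to any icmp-type 8 code 0 keep state
pass in quick proto tcp from any to any port = 22 flags S keep state
pass in quick proto tcp from any to any port = 5900 flags S keep state
pass in quick proto tcp from any port = 20 to any port 39999 >< 45000 flags S keep state'

# Hypothetical helper: reads rules on stdin and prints "proto|destination|note"
# for every non-loopback "pass in" rule whose source address is "any".
# Only understands the rule shapes used in this post (no groups, no "all").
ipf_inbound_exposure() {
    awk '
    $1 != "pass" || $2 != "in" { next }   # inbound pass rules only
    {
        proto = "any"; src = ""; dst = "any"; sport = ""; lo = 0; to = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "on" && $(i+1) ~ /^lo[0-9]+$/) lo = 1
            if ($i == "proto") proto = $(i+1)
            if ($i == "from") src = $(i+1)
            if ($i == "to") to = i
            if ($i == "icmp-type") dst = "type " $(i+1)
            if ($i == "port") {
                # Collect the port expression: "= 22" or "39999 >< 45000"
                spec = ""
                for (j = i + 1; j <= NF && $j ~ /^([0-9]+|=|!=|<|>|<=|>=|<>|><)$/; j++)
                    spec = spec (spec == "" ? "" : " ") $j
                if (to) dst = "port " spec; else sport = spec
            }
        }
        if (lo || src != "any") next      # loopback, or source is restricted
        # A source-port match is not a source restriction: the remote end picks it.
        note = (sport != "") ? "any host using source port " sport : "-"
        print proto "|" dst "|" note
    }'
}

printf '%s\n' "$SAMPLE_RULES" | ipf_inbound_exposure
```

On a live system the same function can be fed the real file with 'ipf_inbound_exposure < /etc/ipf/ipf.conf'. The last row of the output shows that the FTP rule accepts connections to ports 40000-44999 from any host that sends from source port 20.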

Wednesday, February 4, 2009

Reverse Domain Name

There may be an easier way to do this, but I was in need of a reversed domain name for another script and this is what I whipped up. It behaves kinda like rev(1) but with words.

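# 1 required argument and one optional argument:
# First argument is the string you want reversed on a word-by-word basis
# Second argument is optional field separator (defaults to a space)
reverse_words() {
    local out="" word sep="${2:- }"
    # Keep IFS local so the caller's IFS is neither changed nor unset
    local IFS="$sep"
    # $1 is left unquoted on purpose so it is split on the separator
    for word in $1
    do
        if [ -n "$out" ]; then
            out="${word}${sep}${out}"
        else
            out="${word}"
        fi
    done
    echo "$out"
}

# Reverse every domain name given on the command line
for dn in "$@"
do
    result=$(reverse_words "$dn" ".")
    echo "$result"
done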