An SUN case engineer told me, that on should always add 'flags S' when using
'keep state' too get not into trouble. Why: unknown ...
But I guess, this is not the real problem.
We have encountered ipf problems on our mail servers, too - since
installation of 138888-07 (138888-08 doesn't solve the problem):

After 2..3 days ipfilter seems to trash its tables or bumps some packets
into a black hole and thus only occasional mail comes through. Strange
thing is, that mail connections from the local net come through without
any problem - so its not so easy to get notified, that's something
wrong. The problem doesn't occure on machines with the same patch level
and snv110 - I guess because they get much much less external connection
requests.

Had the same problem (at least wrt. symptoms) when feature upgrading to
S10u4 (120011-14) - also on the mail servers, only. That time,
IDR136697-08 did mitigate the problem but did not resolve it.
IDR137077-05 finally fixed it.

Don't know, whether a new IDR exists - so re-enabled ipfilter restart
per cron job ...

Regards,
jel.

I need to get the list of IPv4 and IPv6 addresses for
some given hostname. I also need the CNAME.

I thought getaddrinfo with the AI_CANONNAME would get
that for me, but that seems to be not the case:

***@dell6300gwr$ getent hosts 129.148.169.51
129.148.169.51 dhcp-ubur01-169-51.East.Sun.COM
***@dell6300gwr$ ./getaddr dhcp-ubur01-169-51.East.Sun.COM
ai[0]: af=2, len=16 saf=2, IP=129.148.169.51
ai[0]: cname="dhcp-ubur01-169-51.East.Sun.COM"
***@dell6300gwr$ ./getaddr 129.148.169.51
ai[0]: af=2, len=16 saf=2, IP=129.148.169.51
ai[0]: cname="::ffff:129.148.169.51"

Is this a bug? Or am I being a "noob" here?
My "getaddr" test program is attached.