HP-UX 11i Version 2 December 2007 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v2 Foundation OE LTU

151

152

153

154

155

156

157

158

159

160

HP-UX IPFilter

HP-UX IPFilter, product number 15.01 (A.11.23.15.01 for HP-UX 11.23), is a TCP/IP packet filter

suitable for use as a system firewall to protect application servers.

Summary of Change

• The Dynamic Connection Allocation (DCA) feature now supports IPv6 rules.

• The ipftest utility now supports IPv6 rules.

• The kernel tunable parameter, icmp6_passthru. The default setting of this parameter allows

all ICMPv6 Router Discovery and Neighbor Discovery packets to bypass normal IPFilter

rule processing and always pass through the system.

• Administrators can now distinguish between IPv4 rule sets and IPv6 rule sets when switching

active and inactive rule sets with the ipf -s command. The ipf -s command now supports

the -6 option to specify the IPv6 rule sets. In previous releases, the ipf -s command

switched active and inactive rule sets for both IPv4 rule sets and IPv6 rule sets.

Impact

You will be able to use the new features.

Compatibility

Existing configuration files will continue to work as before.

Customers who selectively filtered ICMPv6 Router Discovery and Neighbor Discovery packets

will need to modify the kernel tunable parameter icmp6_passthru. Customers who want to allow

all Router Discovery and Neighbor Discovery packets do not have to modify any settings or

configuration files.

Customers who used the ipf -s command to switch active and inactive rules for both IPv4

and IPv6 rulesets must also execute the command ipf -6 -s.

Performance

There is no change.

Documentation

Manpages:

ipf(4) packet filtering kernel interface

ipf(5) IP packet filter rule syntax

ipf(8) alters packet filtering kernel's internal lists

ipl(4) data structure for IP packet log device

ipmon(8)

monitors /dev/ipl for logged packets

ipstat(8) reports on packet filter statistics and filter list

iptest(1) test packet rules with arbitrary input

Documents:

• HP-UX IPFilter Version 15.01 Administrator's Guide (B9901-90042)

• HP-UX IPFilter Version 15.01 Release Notes (B9901-90041)

Obsolescence

Not applicable.

HP-UX IPFilter 151