HP-UX CMGR A.02.00 Administrator's and Developer's Guide
<commands id="$rule_id">
<data if_op="add|replace">
logger "cmgr-IPFilter Example $op - Rule: $rule_id, IP Address: $ip_address, Port: $tcp_port"
</data>
<data if_op="delete">
logger "cmgr-IPFilter Example $op - Rule: $rule_id"
</data>
</commands>
</body>
</template>
To use this template, follow these steps:
1. Logon to your system as root and copy this template to a temporary location, for
example, /tmp/example.cst.
2. (Optional) Remove earlier usage of this example IPFilter configuration file:
# rm /tmp/example_ipf.conf
3. Add Rule_1 to block from IP address 192.0.2.1 for TCP port 2343 :
# cmgr -a -t /tmp/example.cst rule_id=Rule_1 ip_address=192.0.2.1 tcp_port=2343
add ipfilter rules succeeded
Verify the output:
# cmgr -l -v -t /tmp/example.cst
IPFilter Configuration (/tmp/example_ipf.conf):
@tag-start Example Dynamic IPFilter Service Rule="Rule_1" ;
block in quick proto tcp from 192.0.2.1 to any port = 2343
@tag-end ;
Read the configuration file:
# more /tmp/example_ipf.conf
#@tag-start Example Dynamic IPFilter Service Rule="Rule_1";
block in quick proto tcp from 192.0.2.1 to any port = 2343
#@tag-end;
4. Modify Rule_1 to block from IP address 192.0.2.1 for TCP port 1257 :
# cmgr -r -t /tmp/example.cst rule_id=Rule_1 ip_address=192.0.2.1 tcp_port=1257
replace ipfilter rules succeeded
Verify the output:
# cmgr -l -v -t /tmp/example.cst
IPFilter Configuration (/tmp/example_ipf.conf):
@tag-start Example Dynamic IPFilter Service Rule="Rule_1" ;
block in quick proto tcp from 192.0.2.1 to any port = 1257
@tag-end ;
5. Add a second Rule for a different source, but the same port:
# cmgr -a -t /tmp/example.cst rule_id=Rule_2 ip_address=192.0.2.2 tcp_port=1257
add ipfilter rules succeeded
Verify the output:
# cmgr -l -v -t /tmp/example.cst
IPFilter Configuration (/tmp/example_ipf.conf):
36 Building a Template