HP-UX CMGR A.02.01 Administrator's and Developer's Guide
15
Attribute Description
state
Optional
Sets network interface state for ipaddress in the /etc/rc.config.d/netconf
(IPv4) or /etc/rc.config.d/netconf-ipv6 (IPv6) file. Valid values are up and
down
. Default is
down
.
See 2.4 Common
Attributes for more information on common attributes.
2.2.5 The ipfilter Element
The ipfilter element manages interaction with the IPFilter configuration file specified by the
ipfilterfile or ipfilteripv6file attribute. Upon invocation, the ipfilter handler checks
the operation option from the cmgr command and performs one of the following tasks:
Operation
Description
add
Adds concatenated data child elements to the beginning of the IPFilter configuration
file.
NOTE: You must include meta-tags around the configuration data to be added. See
2.2.10 Using
meta-tags for more information on meta-tags.
delete
Searches the IPFilter configuration file for the first block of data with the exact matching
open and close comment meta-tag as specified in the concatenated child data
elements. If a match is found, the comment meta-tags, and all data between are
deleted.
replace
Performs the equivalent of a delete followed by an add operation, with the exception
that the new data will be placed in the same location in the IPFilter configuration file.
list
Searches the IPFilter configuration file for matching meta-tags. If a match is found,
displays the entire meta-tag string. If used with the –verbose option, cmgr displays the
entire content of the meta-tag data.
export
Searches the IPFilter configuration file for matching meta-tags. If a match is found,
exports the entire meta-tag string to the exchange.xml file located in the exchange
archive under the /cmgr/body/ipfilters/ipfilter or
/cmgr/body/ipfilters/ipfilterv6
XPath.
import
Searches the exchange.xml file located in the exchange archive under the
/cmgr/body/ipfilters/ipfilter and /cmgr/body/ipfilters/ipfilter
XPaths for matching meta tags. If a match is found, adds the meta-tag and the data to
the appropriate IPFilter configuration file.
status
Displays the number of times individual IPFilter rules were selected as reported by
ipfstat(8).
Upon successful completion of the add, delete, or replace operation, cmgr validates the IPFilter
configuration file with the following command:
ipf -n -f ipfilterfile
If the validation succeeds, cmgr notifies ipfilter to reload its configuration with the following
command:
ipf -Fa -f ipfilterfile