Manualshelf

HP-UX CMGR A.02.01 Administrator's and Developer's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)
11121314151617181920
16
NOTE: The ipfilter handler processes a temporary copy of the IPFilter configuration file. If the
ipfilter handler returns an error, the contents of the IPFilter configuration file will be unchanged
from its original state.
Attribute Description
Compartment
Optional. Common attribute.
id
Optional.
if
Optional.
if_op
Optional.
ipfilterfile
Required.
Specifies the IPFilter configuration file to act upon for
ipv4
type addresses.
ipfilteripv6file
Required.
Specifies the IPFilter configuration file to act upon for
ipv6
type addresses
ipfactivate
Optional.
If
FALSE
, do not execute the IPFilter activation command. Default is
TRUE
.
ipfvalidate
Optional.
If
FALSE
, do not execute the IPFilter validation command. Default is
TRUE
.
2.2.6 The ipsec Element
The ipsec element manages interaction with HP-UX IPsec configuration. Upon invocation, the ipsec
element handler checks the operation option from the cmgr command and performs one of the
following tasks:
Operation Description
add, delete,
replace, and
list
The contents of the concatenated data child elements are provided as input data
of the ipsec_configbatch command. See ipsec_config_batch(1M).
NOTE: You must include meta-tags around the configuration data to be added.
See
2.2.10 Using meta-tags
for more information on meta-tags.
list
The contents of the concatenated data child elements are provided as input data
of the
ipsec_config
show command. See ipsec_config_show(1M).
export
Adds the output of the ipsec_config export command to export the IPsec
configuration to the exchange.xml file. The exchange.xml file is located in
the exchange archive under the
/cmgr/body/ipsecs/ipsec
XPath.
import
Searches the exchange.xml file from the exchange archive for matching IPsec
policy names. If a match is found, the data is provided as input data for the
ipsec_config
batch command.
The ipsec element automatically validates configuration for the delete or replace operations.
Upon successful completion of the IPSec batch operation for the add, delete, or replace
operations, cmgr automatically reloads the new configuration if ipsec is active and running.