HP-UX CMGR A.02.01 Administrator's and Developer's Guide
30
</data>
<data if_op="add|replace|list|delete">
#@tag-end;
</data>
<success>$op ipfilter rules succeeded</success>
<failure>$op ipfilter rules failed</failure>
</ipfilter>
<!--
=========================================================
Note the action is syslog for add, replace, or delete [4]
=========================================================
-->
<commands id="$rule_id">
<data if_op="add|replace">
logger "cmgr-IPFilter Example $op - Rule: $rule_id, IP Address:
$ip_address, Port: $tcp_port"
</data>
<data if_op="delete">
logger "cmgr-IPFilter Example $op - Rule: $rule_id"
</data>
</commands>
</body>
</template>
To use this template, follow these steps:
1. Logon to your system as root and copy this template to a temporary location, for example,
/tmp/example.cst.
2. (Optional) Remove earlier usage of this example IPFilter configuration file:
# rm /tmp/example_ipf.conf
3. Add Rule_1 to block from IP address 192.0.2.1 for TCP port 2343 :
# cmgr -a -t /tmp/example.cst rule_id=Rule_1 ip_address=192.0.2.1
tcp_port=2343
add ipfilter rules succeeded
Verify the output:
# cmgr -l -v -t /tmp/example.cst
IPFilter Configuration (/tmp/example_ipf.conf):
@tag-start Example Dynamic IPFilter Service Rule="Rule_1" ;
block in quick proto tcp from 192.0.2.1 to any port = 2343
@tag-end ;
Read the configuration file:
# more /tmp/example_ipf.conf
#@tag-start Example Dynamic IPFilter Service Rule="Rule_1";
block in quick proto tcp from 192.0.2.1 to any port = 2343
#@tag-end;
4. Modify Rule_1 to block from IP address 192.0.2.1 for TCP port 1257 :
# cmgr -r -t /tmp/example.cst rule_id=Rule_1 ip_address=192.0.2.1
tcp_port=1257
replace ipfilter rules succeeded
Verify the output:
# cmgr -l -v -t /tmp/example.cst