HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
The ipfilter Service
The ipfilter service for the custom template enables you to allow inbound packets to specific
TCP or UDP port numbers.
Input Data
SRP prompts for the following data. You can also specify a variable name and value in the
command line, as described in “Creating an SRP Compartment or Adding Data to a Compartment”
(page 67).
IPFilter TCP port numbers
Specifies the local TCP port numbers for IPFilter rules that
allow inbound packets.
Variable Name: ipf_tcp_ports.
Valid Input: One or more TCP port numbers, each in the
range 1-65535, separated by commas.
Default: None.
IPFilter UDP port numbers
Specifies the local UDP port numbers for IPFilter rules that
allow inbound packets.
Variable Name: ipf_udp_ports.
Valid Input: One or more UDP port numbers, each in the
range 1-65535, separated by commas.
Default: None.
Configuration Data
If the compartment address is an IPv4 address, SRP adds IPFilter rules to the
/etc/opt/ipf/ipf.conf file. If the compartment address is an IPv6 address, SRP adds
IPFilter rules to the /etc/opt/ipf/ipf6.conf file.
SRP configures rules that allow inbound packets from any remote IP address to the compartment
IP address with the specified destination TCP or UDP port numbers. SRP also specifies the keep
state keywords to allow outbound responses for these packets.
SRP inserts these rules at the top of the IPFilter rules file and uses the quick keyword.
The IPFilter configuration file already contains rules from the base template to allow all outbound
TCP, UDP, and ICMP packets from the compartment IP address, as described in “Configuration
Data” (page 42).
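The following sketch is an added illustration, not SRP's own code or output. It validates ipf_tcp_ports and ipf_udp_ports values against the range above, selects the rules file by address family, and renders the kind of rule this section describes. The rule text is an assumption written in generic IPFilter syntax, and the function names and sample addresses are hypothetical.

```python
import ipaddress

IPF_V4 = "/etc/opt/ipf/ipf.conf"
IPF_V6 = "/etc/opt/ipf/ipf6.conf"


def parse_ports(value):
    """Validate an ipf_tcp_ports / ipf_udp_ports value (comma-separated, 1-65535)."""
    ports = []
    for item in value.split(","):
        item = item.strip()
        if not (item.isascii() and item.isdigit()):
            raise ValueError(f"not a port number: {item!r}")
        port = int(item)
        if not 1 <= port <= 65535:
            raise ValueError(f"port outside 1-65535: {port}")
        ports.append(port)
    return ports


def rules_file(compartment_ip):
    """Pick the rules file by the address family of the compartment address."""
    return IPF_V6 if ipaddress.ip_address(compartment_ip).version == 6 else IPF_V4


def inbound_rules(compartment_ip, tcp_ports="", udp_ports=""):
    """Render one rule per port: any source, compartment address as destination."""
    ipaddress.ip_address(compartment_ip)  # raises ValueError on a malformed address
    rules = []
    for proto, value in (("tcp", tcp_ports), ("udp", udp_ports)):
        for port in parse_ports(value) if value else []:
            # Assumed rule text in generic IPFilter syntax; the guide does not show SRP's exact output.
            rules.append(f"pass in quick proto {proto} from any "
                         f"to {compartment_ip} port = {port} keep state")
    return rules


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    for ip in ("192.0.2.10", "2001:db8::10"):
        print(f"# {rules_file(ip)}")
        print("\n".join(inbound_rules(ip, tcp_ports="22,1521", udp_ports="123")))
```

Because the rules use the quick keyword and sit at the top of the file, a matching packet is passed before any later rule is evaluated. Every port listed is therefore reachable from any remote address, so keep the port list to what the compartment's service needs.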
Starting the SRP Compartment
If the SRP compartment was not started with the base template, you can start it using the srp
-start compartment_name command.
For more information about starting SRP compartments, see Chapter 10 (page 65).
Replacing or Deleting Custom SRP Data
Use the following command to replace custom template data in an SRP compartment:
srp -r[eplace] compartment_name -t oracledb [-s service[,service]...]
[-id instance]
The srp -replace command deletes the specified data, then prompts you for replacement
data. For example, the following command deletes all the IPFilter data for the custom template
added with the id 2008-05-09, then prompts you for replacement data:
srp -replace myCmpt -t custom -s ipfilter -id 2008-05-09
Use the following command to delete custom template data from an SRP compartment: