HP-UX IPFilter A.03.05.13 Administrator's Guide: HP-UX 11i v3
Table Of Contents
- HP-UX IPFilter Version A.03.05.13 Administrator's Guide
- Legal Notices
- Table of Contents
- Preface: About This Document
- 1 Installing and Configuring HP-UX IPFilter
- Overview of HP-UX IPFilter Installation
- Step 1: Checking HP-UX IPFilter Installation Prerequisites
- Step 2: Loading HP-UX IPFilter Software
- Step 3: Determining the Rules for IPFilter
- Step 4: Adding Rules to the Rules Files
- Step 5: Loading IPFilter and NAT Rules
- Step 6: Verifying the Installation and Configuration
- Kernel Tunable Parameters
- Supported and Unsupported Interfaces
- Troubleshooting HP-UX IPFilter
- 2 HP-UX IPFilter on HP-UX 11i Version 3
- 3 Rules and Keywords
- IPFilter Configuration Files
- Basic Rules Processing
- IPFilter Keywords
- pass and block: Controlling IP Traffic
- in and out: Bidirectional Filtering
- quick: Optimizing IPFilter Rules Processing
- on: Filtering by Network Interfaces
- from and to: Filtering by IP Addresses and Subnets
- log: Tracking Packets on a System
- proto: Controlling Specific Protocols
- opt and ipopts: Filtering on IP Options
- icmp-type: Filtering ICMP Traffic by Type
- port: Filtering on TCP and UDP Ports
- keep state: Protecting TCP, UDP, and ICMP Sessions
- flags: Tight Filtering Based on TCP Header Flags
- keep frags: Letting Fragmented Packets Pass
- with frags: Dropping Fragmented Packets
- with short: Dropping Short Fragments
- return-rst: Responding to Blocked TCP Packets
- return-icmp: Responding to Blocked ICMP Packets
- dup-to: Drop-Safe Logging
- NAT Keywords
- 4 Dynamic Connection Allocation
- 5 Firewall Building Concepts
- Blocking Services by Port Number
- Using Keep State
- Using Keep State with UDP
- Using Keep State with ICMP
- Logging Techniques
- Improving Performance with Rule Groups
- Localhost Filtering
- Using the to
- Creating a Complete Filter by Interface
- Combining IP Address and Network Interface Filtering
- Using Bidirectional Filtering Capabilities
- Using port and proto to Create a Secure Filter
- 6 HP-UX IPFilter Utilities
- 7 HP-UX IPFilter and FTP
- 8 HP-UX IPFilter and RPC
- 9 HP-UX IPFilter and IPSec
- 10 HP-UX IPFilter and Serviceguard
- A HP-UX IPFilter Configuration Examples
- B HP-UX IPFilter Static Linking
- C Performance Guidelines
- Index

modifying DCA rules, 65
monitoring IPFilter, 101
multi-level grouping, 81
N
NAT
adding rules, 8
viewing and loading rules, 109
NAT keywords
bimap, 50
map, 49
map-block, 51
portmap, 49
rdr, 50
Network Address Translation
See NAT
nslookup, 76
O
on keyword, 37
opt keyword, 40
out keyword, 36
P
package IP address, 138
pass keyword, 36
patch dependencies, 4
performance guidelines, 179
performance monitoring, 189
rule configuration, 184
rule loading, 183
system configuration, 181
traffic, 187
performance improvement, 80
performance information, 94
performance monitoring guidelines, 189
pfil module, 176
ping, 77
port keyword, 43
port number filtering, 43
portmap keyword, 49
prerequisites
installation, 4
patch dependencies, 4
proto keyword, 40
protocol 50 and 51 traffic, 132
Q
quick keyword, 37
R
rdr keyword, 50
reloading IPFilter, 22
removing, 29
removing IPFilter software
static linking, 177
reporting problems, 76
return-icmp keyword, 47
return-rst keyword, 47
rule configuration guidelines, 184
rule groups, 80
rule loading guidelines, 183
rules
active list, 11
adding NAT rules to a rule file, 8
adding rules to a rules file, 10
bimap keyword, 50
block keyword, 36
checking inbound and outbound, 13
dup-to keyword, 48
errors occur when loading, 23
file configuration, 34
flags keyword, 45
flushing, 11
from keyword, 38
grouping, 80
icmp-type keyword, 41
in keyword, 36, 37
inactive list, 11
interface-specific, 37
IP address-specific, 38
ipf.conf file, 8
ipnat.conf file, 8
ipopts keyword, 40
keep frags keyword, 46
keep limit keyword, 57
keep state keyword, 44, 74
loading with ipf, 8
log keyword, 39, 78
log limit freq keyword, 61
log limit keyword, 59
map keyword, 49
map-block keyword, 51
on keyword, 37
opt keyword, 40
out keyword, 36
outbound traffic, 36
pass keyword, 36
performance improvement with, 80