HP-UX IPFilter A.03.05.13 Administrator's Guide: HP-UX 11i v3
Table Of Contents
- HP-UX IPFilter Version A.03.05.13 Administrator's Guide
- Legal Notices
- Table of Contents
- Preface: About This Document
- 1 Installing and Configuring HP-UX IPFilter
- Overview of HP-UX IPFilter Installation
- Step 1: Checking HP-UX IPFilter Installation Prerequisites
- Step 2: Loading HP-UX IPFilter Software
- Step 3: Determining the Rules for IPFilter
- Step 4: Adding Rules to the Rules Files
- Step 5: Loading IPFilter and NAT Rules
- Step 6: Verifying the Installation and Configuration
- Kernel Tunable Parameters
- Supported and Unsupported Interfaces
- Troubleshooting HP-UX IPFilter
- 2 HP-UX IPFilter on HP-UX 11i Version 3
- 3 Rules and Keywords
- IPFilter Configuration Files
- Basic Rules Processing
- IPFilter Keywords
- pass and block: Controlling IP Traffic
- in and out: Bidirectional Filtering
- quick: Optimizing IPFilter Rules Processing
- on: Filtering by Network Interfaces
- from and to: Filtering by IP Addresses and Subnets
- log: Tracking Packets on a System
- proto: Controlling Specific Protocols
- opt and ipopts: Filtering on IP Options
- icmp-type: Filtering ICMP Traffic by Type
- port: Filtering on TCP and UDP Ports
- keep state: Protecting TCP, UDP, and ICMP Sessions
- flags: Tight Filtering Based on TCP Header Flags
- keep frags: Letting Fragmented Packets Pass
- with frags: Dropping Fragmented Packets
- with short: Dropping Short Fragments
- return-rst: Responding to Blocked TCP Packets
- return-icmp: Responding to Blocked ICMP Packets
- dup-to: Drop-Safe Logging
- NAT Keywords
- 4 Dynamic Connection Allocation
- 5 Firewall Building Concepts
- Blocking Services by Port Number
- Using Keep State
- Using Keep State with UDP
- Using Keep State with ICMP
- Logging Techniques
- Improving Performance with Rule Groups
- Localhost Filtering
- Using the to
- Creating a Complete Filter by Interface
- Combining IP Address and Network Interface Filtering
- Using Bidirectional Filtering Capabilities
- Using port and proto to Create a Secure Filter
- 6 HP-UX IPFilter Utilities
- 7 HP-UX IPFilter and FTP
- 8 HP-UX IPFilter and RPC
- 9 HP-UX IPFilter and IPSec
- 10 HP-UX IPFilter and Serviceguard
- A HP-UX IPFilter Configuration Examples
- B HP-UX IPFilter Static Linking
- C Performance Guidelines
- Index
195
port keyword
, 43
portmap keyword, 49
processing order, 35
proto icmp keep state, 77
proto keyword, 40
quick keyword, 37
rdr keyword, 50
removing, 11
return-icmp keyword, 47
return-rst keyword, 47
Serviceguard, 138
swapping active and inactive rules lists, 11
taking effect, 10
to keyword, 38, 83
with frags keyword, 46
with short keyword, 46
S
Serviceguard, 137
Cluster Object Manager, 142
filtering on a package IP address, 138
intra-cluster communication, 139
mandatory rules, 138
Quorum Server, 141
remote command execution, 141
Serviceguard Manager, 143
services, 138
single-user mode, 6
software, loading, 5
state table
dump, 96
static linking, 176
HP-UX 11i v3, 177
removing IPFilter software, 177
summary logs for cumulative limits, 60
supported interfaces, 19
swinstall, 5
swlist, 4
system configuration guidelines, 181
system traffic guidelines, 187
T
TCP
configuration example
, 169
TCP filtering, 43
TCP Wrapper, 82
testing IPFilter, 105
to keyword, 38, 83
tree structure, 80
troubleshooting, 22
rule change after using Bastille, 24
TTL counter, 97
U
UDP
keeping state with
, 76
negotiation with IPSec, 129
UDP filtering, 43
uname, 4
uninstalling IPFilter software
static linking
, 177
unsupported interfaces, 19
unsupported utilities and commands, 110
updating keep limit rules, 66
utilities
ipf
, 91
ipfstat, 94
ipftest, 105
ipmon, 101
ipnat, 109
unsupported, 110
W
with frags keyword
, 46
with short keyword, 46
WU-FTPD, 114