HP-UX IPFilter A.03.05.13 Release Notes: HP-UX 11i v3
HP-UX IPFilter Release Notes
Enhancements
Chapter 112
Enhancements
X.25 Support
HP-UX IPFilter now supports filtering X.25 links when an IP stack is running on it.
Enable and Disable HP-UX IPFilter Without Rebooting
On HP-UX 11i v3, HP-UX IPFilter can be enabled or disabled using the
/opt/ipf/bin/ipfilter command. Use of the command will not require a system reboot.
WARNING Using /opt/ipf/bin/ipfilter brings down ALL the network interface
cards and therefore the network connectivity of the machine for a
short while when HP-UX IPFilter is being enabled or disabled (using
the -e or -d option).
Unless there is heavy network traffic, this should have no or little
overall effect on existing connections, but the connections will “hang”
for a while. If there is heavy network traffic, it may not be a good time
to enable/disable HP-UX IPFilter firewall. If the user is running
applications like Serviceguard that might mistake this for network
card failure, enabling and disabling of HP-UX IPFilter must be
scheduled so that network outage is not an issue.
Install HP-UX IPFilter Without Rebooting
On HP-UX 11i v3, HP-UX IPFilter will be installed and disabled by default. This is different
from HP-UX IPFilter on HP-UX 11i v1 (where HP-UX IPFilter is not installed by default but,
if installed, is automatically enabled) and HP-UX 11i v2 (where HP-UX IPFilter is installed
and enabled by default). Installing HP-UX IPFilter will not require a system reboot.
NOTE If Bastille/ITS is used (with the “Sec20MngDMZ” or “Sec30DMZ” install time
security levels), then HP-UX IPFilter will be automatically enabled.
For instructions on enabling HP-UX IPFilter on HP-UX 11i v3, see the HP-UX IPFilter
A.03.05.13 Administrator’s Guide. Once HP-UX IPFilter is enabled, it will be enabled
automatically on subsequent reboots.