HP-UX IPFilter A.03.05.14 Release Notes
What’s in This Version
Benefits and Features
HP-UX IPFilter version A.03.05.14 provides the following key benefits:
• Protects an individual host on an intranet against internal attacks
• Protects an individual host on an intranet against external attacks that have breached perimeter defenses
• Provides an alternative to the restricted configuration of Internet Services
• Protects a bastion host on the perimeter or in the DMZ
The following major features are included with HP-UX IPFilter version A.03.05.14:
• Explicitly permits or denies a packet from passing through based on:
— IP address or a range of IP addresses
— IP protocol (IP/TCP/UDP)
— IP fragments
— IP options
— IP security classes
— TCP ports and port ranges
— UDP ports and port ranges
— ICMP message type and code
— Combination of TCP flags
— Interface
• Allows control of incoming TCP connections through DCA
• Supports NAT, which lets an intermediate HP-UX system act as a translator of IP addresses and network ports
• Sends back an ICMP error or TCP reset for blocked packets
• Keeps packet state information for TCP, UDP, and ICMP
• Keeps fragment state information for any IP packet, applying the same rule to all fragments