HP-UX IPFilter V17.05 Administrator Guide HP-UX 11i v2 and HP-UX 11i v3
allowing traffic through the firewall, 85
bidirectional with IPFilter, 85
debugging blocked traffic with, 85
gateway, 86
UDP negotiation, 84
IPSec and IPFilter, 84
IPv6
differences, 31
extension headers, 32
features, 31
file configuration, 31
filter rules, 31
fragmentation, 33
ICMPv6 filtering, 32
ipf, 33
protocol-based filtering, 32
rules configuration, 31
stateful ICMPv6, 32
tunneled packets, 32
unsupported features, 31, 96
K
kcmodule, 14
static linking, 115
kctune, 113
keep frags keyword, 26
keep limit
keyword, 35
keep limit rules
adding, 39
adding a subnet or IP address range rule, 39
adding individual rule, 39
changing current rule, 38
extracting, 40
integrating, 39
rule hits, 41
updating, 38
updating a subnet or IP address range, 39
keep state
ICMP, 25
keyword, 23, 24
state table dump, 55
when to use, 24
keeping state
UDP, 25
with servers and flags, 24
kernel tunables
configuring, 113
fr_statemax, 112
fr_tcpidletimeout, 111
ipl_buffer_sz, 112
ipl_logall, 113
ipl_suppress, 112
keywords
bimap, 47
block, 17
flags, 21
from, 17
group, 27
icmp-type, 23, 72
in, 17
ipopts, 22
keep frags, 26
keep limit, 35
keep state, 23
log, 19, 60
log limit, 36
log limit freq, 37
map, 43
map-block, 44
on, 20
opt, 22
out, 17
pass, 17
port, 18
portmap, 43
proto, 17
quick, 19
rdr, 44
return-icmp-as-dest, 27
return-rst, 26
to, 17
with frags, 23
with short, 23
kmadmin
static linking, 115
kmsystem
static linking, 116
kmtune, 114
kmupdate
static linking, 116
L
l4check, 46
limiting connections
by IP address, 35
by subnet, 36
cumulative, 36
default individual limit, 36
loading software, 12
localhost filtering, 52
log keyword, 19, 60
body option, 61
first option, 61
log limit freq keyword, 37
log limit keyword, 36
log tags, 30
logging, 64
packets, 19
problems, 65
logging exceeded connections, 36
logging techniques, 60
M
map keyword, 43
map-block keyword, 44
memory allocation, 112
modifying DCA rules, 38
123