HP-UX IPFilter V17.05 Administrator Guide HP-UX 11i v2 and HP-UX 11i v3
Contents
1 Overview
1.1 Benefits and features
1.2 Supported and unsupported features
2 Installing HP-UX IPFilter
2.1 Overview of HP-UX IPFilter installation
2.1.1 Installation and configuration checklist
2.2 Step 1: Checking HP-UX IPFilter installation prerequisites
2.3 Step 2: Installing HP-UX IPFilter
2.4 Step 3: Verifying the installation
2.5 Step 4: (Optional) Modifying kernel tunable parameters
2.6 Removing HP-UX IPFilter
3 Configuring and loading IPv4 filter rules
3.1 IPv4 filter rules configuration file
3.1.1 Format
3.1.2 Rule order and processing
3.2 Basic rule syntax: specifying the action, direction, protocol, IP addresses, and ports
3.2.1 Specifying the filter action: pass and block
3.2.2 Specifying the filter direction: in and out
3.2.3 Specifying the upper layer protocol: proto
3.2.4 Specifying IP addresses and subnets: from and to
3.2.4.1 Examples
3.2.4.2 Specifying all IP addresses: all
3.2.4.2.1 Example
3.2.5 Specifying TCP and UDP ports: port
3.2.5.1 Service names
3.3 Rate-based filtering
3.4 Processing options: logging packets, optimizing rule processing, and specifying interfaces
3.4.1 Option order
3.4.2 Logging packets: log
3.4.3 Optimizing IPFilter rules processing: quick
3.4.4 Filtering by network interfaces: on
3.5 Protocol options: TCP flags, IP options and fragments, ICMP types and state information
3.5.1 Option order
3.5.2 Specifying TCP header flags: flags
3.5.3 Specifying IP options: with opt and ipopts
3.5.3.1 Specifying options not set: not opt
3.5.3.2 Specifying any IP options: ipopts
3.5.4 Selecting fragmented IP packets: with frag and with short
3.5.4.1 Selecting IP packet fragments: with frag
3.5.4.2 Selecting short fragments: with short
3.5.5 Filtering ICMP traffic by type and code: icmp-type and code
3.5.6 Protecting TCP, UDP, and ICMP sessions: keep state
3.5.6.1 Allocating memory for the state table
3.5.6.2 Using keep state with TCP
3.5.6.2.1 Idle timeout
3.5.6.3 Using keep state with UDP
3.5.6.3.1 Idle timeout