HP-UX IPFilter V17.05 Administrator Guide HP-UX 11i v2 and HP-UX 11i v3
5.9.2.1 Adding a new individual keep limit rule
5.9.2.2 Adding a new subnet or IP address range rule
5.9.3 Integrating keep limit rules
5.9.4 Extracting an individual rule from a subnet rule
5.10 Enabling and disabling DCA
5.10.1 Enabling and disabling DCA using ipf
5.10.2 Configuring IPFilter to enable DCA at system startup
5.11 Using IPFilter utilities with DCA
5.11.1 keep limit rules and rule hits
5.11.1.1 Limits and hit counts
5.12 Monitoring and allocating memory for DCA data
6 Configuring and loading NAT rules
6.1 NAT rules configuration file
6.1.1 Format
6.1.2 Rule order and processing
6.1.2.1 Using NAT rules with filter rules
6.1.2.1.1 Inbound packets
6.1.2.1.2 Outbound packets
6.2 NAT keywords
6.2.1 Rule examples
6.3 Mapping outbound packets: map and portmap
6.3.1 Examples
6.3.2 portmap keyword
6.3.3 Mapping to a block of addresses: map-block
6.4 Redirecting inbound packets: rdr
6.4.1 Redirecting packets to a specific port
6.4.2 Using NAT redirection with filtering
6.4.3 Using the rdr and round-robin keywords for load balancing
6.4.4 Sticky NAT sessions
6.4.5 Checking connection health with l4check
6.4.5.1 Syntax
6.4.5.2 Options
6.4.5.3 Sample config file
6.5 Bidirectional mapping: bimap
6.6 Loading NAT rules
7 Address pooling
7.1 The ippool utility
7.2 The ippool.conf file
7.3 Configuring address pool
7.3.1 Syntax
7.3.2 Examples
8 Tips for securing your system
8.1 Blocking services by port number and protocol
8.1.1 Example: firewall on a web server
8.1.2 Example: firewall for multiple services
8.2 Creating a complete filter by interface
8.3 Combining IP address and network interface filtering
8.4 Using bidirectional filtering
8.5 Using HP-UX IPFilter with end system security features