HP-UX IPFilter V17.05 Administrator Guide HP-UX 11i v2 and HP-UX 11i v3
block ip 28(20) 17 10.1.81.195,16000 > 10.1.85.196,16000
--------------
input: out on lan0 udp 10.1.84.196,16000 10.1.81.195,16000
nomatch ip 28(20) 17 10.1.84.196,16000 > 10.1.81.195,16000
--------------
input: out on lan1 udp 10.1.85.196,16000 10.1.81.195,16000
nomatch ip 28(20) 17 10.1.85.196,16000 > 10.1.81.195,16000
--------------
input: out on lan0 icmp 10.1.84.196 10.1.84.195
nomatch ip 48(20) 1 10.1.84.196 > 10.1.84.195
--------------
input: in on lan0 icmp 10.1.84.195 10.1.84.196
pass ip 48(20) 1 10.1.84.195 > 10.1.84.196
--------------
input: out on lan0 udp 10.1.80.196,16001 10.1.84.195,16000
nomatch ip 28(20) 17 10.1.80.196,16001 > 10.1.84.195,16000
--------------
input: out on lan0 udp 10.1.80.196,16001 10.1.85.195,16000
nomatch ip 28(20) 17 10.1.80.196,16001 > 10.1.85.195,16000
--------------
input: in on lan0 udp 10.1.84.195,16000 10.1.80.196,16001
pass ip 28(20) 17 10.1.84.195,16000 > 10.1.80.196,16001
--------------
input: in on lan0 udp 10.1.85.195,16000 10.1.80.196,16001
block ip 28(20) 17 10.1.85.195,16000 > 10.1.80.196,16001
--------------
Each result is one of the following: pass, block, or nomatch. A nomatch result means that no rule
matched the packet, so the default action applies. For HP-UX IPFilter, the default is pass. From
the results, you can verify that the filter operates as expected.
More complex rulesets and sample traffic can be tested to reflect a production environment.
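The following added example (not part of the HP guide) is a shell function that summarizes ipftest output in the format shown above and lists every nomatch packet, which HP-UX IPFilter passes by default. The function names summarize_ipftest and sample_output are hypothetical; the sample records are taken from the listing above.

```shell
#!/bin/sh
# Added example: summarize ipftest results and list packets that matched no rule.
# Assumed format (as in the listing above): an "input:" line, a result line that
# starts with pass, block or nomatch, then a dashed separator.

# summarize_ipftest: read ipftest output on stdin. Print one line of counts,
# then one "DEFAULT-PASS <packet>" line for each nomatch result.
summarize_ipftest() {
    awk '
        /^input:/ {                      # remember the packet under test
            sub(/^input: */, "")
            pkt = $0
            next
        }
        $1 == "pass" || $1 == "block" || $1 == "nomatch" {
            count[$1]++
            if ($1 == "nomatch")         # no rule matched: default action applies
                unmatched[++n] = (pkt != "" ? pkt : "(input line not captured)")
            pkt = ""
        }
        END {
            printf "pass=%d block=%d nomatch=%d\n",
                   count["pass"], count["block"], count["nomatch"]
            for (i = 1; i <= n; i++)
                print "DEFAULT-PASS " unmatched[i]
        }
    '
}

# Sample input: three records copied from the ipftest listing above.
sample_output() {
    cat <<'EOF'
input: out on lan0 icmp 10.1.84.196 10.1.84.195
nomatch ip 48(20) 1 10.1.84.196 > 10.1.84.195
--------------
input: in on lan0 icmp 10.1.84.195 10.1.84.196
pass ip 48(20) 1 10.1.84.195 > 10.1.84.196
--------------
input: in on lan0 udp 10.1.85.195,16000 10.1.80.196,16001
block ip 28(20) 17 10.1.85.195,16000 > 10.1.80.196,16001
--------------
EOF
}

sample_output | summarize_ipftest
```

Each DEFAULT-PASS line is traffic the ruleset does not decide explicitly; review these before relying on the ruleset in production.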
9.3 Logging IPFilter packets
This section describes how to use the log keyword in IPFilter rules to configure logging and how
to use the ipmon utility to view IPFilter log records.
9.3.1 Using the log keyword to configure IPFilter logging
To configure logging, specify the log keyword in an IPFilter rule after the in or out keyword, as
described in Section 3.4.2 (page 19). The log keyword directs IPFilter to log packets matching
the rule to the IPFilter logging device, /dev/ipl. To view log entries, use the ipmon utility as
described in Section 9.3.2 (page 61). You can use the ipmon -s command to send the output
from /dev/ipl to syslog.
IPFilter supports the following options with the log keyword to refine the log entries:
• level
• first
• body
9.3.1.1 level log-level
You can control the level of logging IPFilter does by specifying the level log-level option
with the log keyword in a rule.
The syntax for level is:
log level facility.priority | priority
60 Troubleshooting HP-UX IPFilter