HP-UX IPFilter V17.05 Administrator Guide HP-UX 11i v2 and HP-UX 11i v3
13.3 Using the rpc.ipfboot script to update IPFilter rules
The /etc/opt/ipf/rpc.ipf/rpc.ipfboot script queries the port mapper and updates the
IPFilter rules files with the appropriate port numbers. This script is useful if you cannot run the
auxiliary NFS daemons using fixed ports as described in the previous section, or if you want IPFilter
to process packets for other daemons that use the RPC mechanism.
NOTE: The files and scripts used in this procedure serve as basic building blocks for use at startup
time. All files are installed in /etc/opt/ipf/rpc.ipf. The configuration files must be present
in the appropriate directories for the scripts to work correctly.
To use the /etc/opt/ipf/rpc.ipf/rpc.ipfboot script:
1. Copy the sample file to /etc/rc.config.d/rpc_ipfconf:
    cp rpc_ipfconf.sample /etc/rc.config.d/rpc_ipfconf
   Edit the file as needed.
2. Create the rpc.ipf directory and change to that directory:
    mkdir /etc/opt/ipf/rpc.ipf
    cd /etc/opt/ipf/rpc.ipf
3. Create an empty RPC rules file:
    touch /etc/opt/ipf/rpc.ipf/rpc.rules
4. Start the script configuration:
    ./rpc.ipfboot start
13.3.1 Rules files
This section gives details on the two rules files that contain the IPFilter rules for RPC. The two rules
files are:
• The IPFilter rules file specified in $IPF_CONF in /etc/rc.config.d/ipfconf
• The IPFilter RPC rules file specified in $RPC_RULES_FILE in /etc/rc.config.d/rpc_ipfconf
NOTE: See the following section for a description of /etc/rc.config.d/rpc_ipfconf.
A sample file is also provided.
To incorporate the dynamic ports used by the RPC processes, the administrator should decide the
position at which the RPC rules are inserted by setting RPC_RULE_POSITION to the desired
value. For example:
RPC_RULE_POSITION=5
The RPC rules will then be added from the 5th position onwards. If there are 10 RPC rules, they
will be inserted at positions 5 to 14. The position must be chosen carefully. If there are only two
rules present, then RPC_RULE_POSITION must be 1, 2, or 3 [RPC_RULE_POSITION =
current_#_of_rules]. The original rules file specified in /etc/rc.config.d/ipfconf,
which contains the other rules, is not modified.
By default, all RPC rules are configured as the first rules, that is, RPC_RULE_POSITION=1.
The RPC rules are well defined in terms of IP addresses and ports and will have unique matches.
Because they are quick rules, they should be at the top.
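The following sketch is an added example, not HP's rpc.ipfboot script and not code from this guide. It runs on constructed data and shows port mapper output being turned into quick rules and inserted at a given RPC_RULE_POSITION, rejecting any position outside 1 to (number of existing rules + 1), as in the two-rule case above. The function names, the server address 192.0.2.10, and the rule template are assumptions.

```shell
#!/bin/sh
# Added illustration only; this is not HP's rpc.ipfboot script.

# Turn `rpcinfo -p` output (stdin) into one quick rule per unique proto/port.
# $1 = address of the RPC server being protected (constructed value below).
rpc_rules() {
  awk -v dst="$1" '
    NR > 1 && $3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ && !seen[$3 "/" $4]++ {
      printf "pass in quick proto %s from any to %s port = %s keep state\n", $3, dst, $4
    }'
}

# Print the base rules with the RPC rules inserted starting at position $1.
# $2 = base rules file, $3 = RPC rules file. The base file is only read.
# Blank and comment lines are not counted as rules and are dropped from output.
merge_rules() {
  pos=$1 base=$2 rpc=$3
  case $pos in ''|*[!0-9]*) echo "position must be a number" >&2; return 1 ;; esac
  n=$(awk 'NF && $1 !~ /^#/ { c++ } END { print c + 0 }' "$base")
  if [ "$pos" -lt 1 ] || [ "$pos" -gt $((n + 1)) ]; then
    echo "position $pos is outside 1..$((n + 1))" >&2; return 1
  fi
  awk -v pos="$pos" -v rpc="$rpc" '
    function emit_rpc(  l) { while ((getline l < rpc) > 0) print l; close(rpc) }
    NF && $1 !~ /^#/ { if (++i == pos) emit_rpc(); print }
    END { if (pos == i + 1) emit_rpc() }' "$base"
}

# Constructed sample data: two base rules and a short `rpcinfo -p` listing.
demo_dir=${TMPDIR:-/tmp}/rpc_ipf_demo.$$
mkdir -p "$demo_dir"
printf '%s\n' 'pass in quick on lo0 all' 'block in log all' > "$demo_dir/ipf.conf"
cat > "$demo_dir/rpcinfo.out" <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp  49153  mountd
    100005    3   udp  49153  mountd
    100005    3   tcp  49154  mountd
EOF
rpc_rules 192.0.2.10 < "$demo_dir/rpcinfo.out" > "$demo_dir/rpc.rules"
merge_rules 2 "$demo_dir/ipf.conf" "$demo_dir/rpc.rules"
```

With position 2 the four generated rules land between the two base rules, so the final block rule still catches everything the RPC rules did not pass.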
13.3.2 RPC rules configuration file
This file specifies the details from which the IPFilter RPC rules are generated.
/etc/opt/ipf/rpc.ipf/rpc_ipfconf.sample is provided as an example.