HP-UX IPFilter V17.05 Administrator Guide
allowing traffic through the firewall, 116
bidirectional with IPFilter, 116
debugging blocked traffic with, 116
gateway, 118
UDP negotiation, 115
IPSec and IPFilter, 115
IPv6
differences, 44
extension headers, 45
features, 44
file configuration, 43
filter rules, 44
fragmentation, 46
ICMPv6 filtering, 44
ipf, 47
protocol-based filtering, 44
rules configuration, 43
stateful ICMPv6, 44
tunneled packets, 45
unsupported features, 44, 126
K
kcmodule, 21
static linking, 147
kctune, 143
keep frags keyword, 36
keep limit
keyword, 51
keep limit rules
adding, 56
adding a subnet or IP address range rule, 56
adding individual rule, 56
changing current rule, 55
extracting, 57
integrating, 56
rule hits, 59
updating, 55
updating a subnet or IP address range, 56
keep state
ICMP, 35
keyword, 33, 34
state table dump, 80
when to use, 34
keeping state
UDP, 35
with servers and flags, 34
kernel tunables
configuring, 143
fr_statemax, 142
fr_tcpidletimeout, 142
ipl_buffer_sz, 142
ipl_logall, 143
ipl_suppress, 143
keywords
bimap, 69
block, 26
flags, 31
from, 26
group, 39
icmp-type, 33, 99
in, 26
ipopts, 32
keep frags, 36
keep limit, 51
keep state, 33
log, 29, 86
log limit, 52
log limit freq, 53
map, 64
map-block, 65
on, 30
opt, 32
out, 26
pass, 26
port, 27
portmap, 64
proto, 26
quick, 29
rdr, 66
return-icmp-as-dest, 38
return-rst, 38
to, 26
with frags, 33
with short, 33
kmadmin
static linking, 147
kmsystem
static linking, 148
kmtune, 144
kmupdate
static linking, 148
L
l4check, 67
limiting connections
by IP address, 51
by subnet, 52
cumulative, 52
default individual limit, 52
loading software, 20
localhost filtering, 75
log keyword, 29, 86
body option, 87
first option, 86
log limit freq keyword, 53
log limit keyword, 52
log tags, 42
logging, 90
packets, 29
problems, 91
logging exceeded connections, 52
logging techniques, 86
M
map keyword, 64
map-block keyword, 65
memory allocation, 142
modifying DCA rules, 55
155