HP-UX IPFilter V17.05 Administrator Guide

1 Overview
HP-UX IPFilter, product number B9901AA version 17.05, is a TCP/IP packet filter suitable for
use as a system firewall. The version string is A.11.31.17.05 for HP-UX 11i v3.
HP-UX IPFilter functions as a firewall by examining and limiting packets allowed in and out of
an HP-UX system, which can be either an end node or an IP router. Although HP-UX IPFilter is
a superset of the functionality in the IPFilter 3.5 Alpha 5 open source version of the product
(developed by Darren Reed), HP does not support some of the perimeter firewall features in that
release, such as firewall stealth (fastroute). If you are using features that are not supported
by HP, you can request support from the open source IPFilter web site at the following URL:
http://caligula.anu.edu.au/~avalon
For a complete list of commands and utilities that are not supported by HP, see “Supported and
Unsupported Features” (page 18).
HP-UX IPFilter version 17.05 is available from the HP Software Depot at the following URL:
http://www.software.hp.com.
1.1 Benefits and Features
HP-UX IPFilter provides the following key benefits:
Protects an individual host on an intranet against internal attacks
Protects an individual host on an intranet against external attacks that have breached perimeter defenses
Provides an alternative to the restricted configuration of Internet Services
Protects a bastion host on the perimeter of a private network or in the “demilitarized zone” (DMZ)
The following major features are included with HP-UX IPFilter:
Rate-based filtering
Address pooling
The ippool utility
The ippool.conf file
State aging
Log tags
NAT tags
Sticky NAT sessions
Connection health checking with l4check
IPFilter Log Events analysis
Rule groups
Explicitly permit or deny a packet from passing through based on:
    IP address or a range of IP addresses
    IP protocol (IP/TCP/UDP)
    IP fragments
    IP options
    IP security classes
    TCP ports and port ranges
    UDP ports and port ranges
    ICMP message type and code
    Combination of TCP flags
    Network interface
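The following ruleset is an added example, not from the HP-UX IPFilter guide or the IPFilter project, showing how the match criteria listed above (interface, protocol, address range, fragments, IP options, ICMP type, TCP port and flags, UDP port range) and rule groups appear in an ipf.conf ruleset for a single host. The interface name lan0, the host address 10.1.2.5, the admin network 10.1.0.0/16 and the port numbers are assumptions chosen for illustration.

```ipf
# Added example (not the guide's own configuration). Assumed: the host
# is 10.1.2.5 on interface lan0, and 10.1.0.0/16 is the admin network.

# Default stance: drop and log anything that no later "quick" rule passes.
block in log all
block out log all

# Loopback traffic is never filtered.
pass in quick on lo0 all
pass out quick on lo0 all

# Fragment and IP-option matching: refuse fragments, short fragments and
# source-routed packets before any service rule can see them.
block in log quick on lan0 all with frag
block in log quick on lan0 all with short
block in log quick on lan0 all with opt lsrr
block in log quick on lan0 all with opt ssrr

# ICMP matched by message type: drop redirects from anywhere, allow echo
# requests only from the admin network.
block in log quick on lan0 proto icmp from any to any icmp-type redir
pass in quick on lan0 proto icmp from 10.1.0.0/16 to 10.1.2.5/32 icmp-type echo

# TCP port plus TCP-flag matching: only a bare SYN (S set, A clear) may
# open an SSH session, and the session is then tracked with keep state.
pass in quick on lan0 proto tcp from 10.1.0.0/16 to 10.1.2.5/32 port = 22 flags S/SA keep state

# Rule group: everything else arriving on lan0 is handed to group 100.
# If no rule in the group passes the packet, the head rule's own action
# (block, quick) applies, so the group is a closed list of services.
block in log quick on lan0 all head 100
    pass in quick proto tcp from any to 10.1.2.5/32 port = 80 flags S/SA keep state group 100
    # ">< " is an exclusive range: this matches UDP and TCP ports 8001-8099.
    pass in quick proto tcp/udp from 10.1.0.0/16 to 10.1.2.5/32 port 8000 >< 8100 keep state group 100

# Outbound sessions originated by this host; keep state lets the replies
# back in without a matching inbound rule.
pass out quick on lan0 proto tcp/udp from 10.1.2.5/32 to any keep state
pass out quick on lan0 proto icmp from 10.1.2.5/32 to any keep state
```

Rules are evaluated top to bottom; without quick the last matching rule wins, so the two opening block rules only decide the fate of packets that reach no quick rule. Loading a file such as this with ipf -Fa -f flushes the active ruleset and replaces it atomically, and ipfstat -io lists what the kernel actually holds, which is the check to run after every edit.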