HP-UX IPFilter V17.05 Administrator Guide

3 Configuring and Loading IPv4 Filter Rules
This chapter describes how to configure IPFilter rules to filter IPv4 packets. It first describes how
to use the basic rule syntax to create rules that pass or block IPv4 packets based on IP addresses,
protocol, and port number. The chapter then describes additional options and features you can
use to filter IPv4 packets.
This chapter contains the following sections:
“IPv4 Filter Rules Configuration File” (page 25)
“Format” (page 25)
“Rule Order and Processing” (page 25)
“Basic Rule Syntax: Specifying the Action, Direction, Protocol, IP Addresses, and Ports” (page 26)
“pass and block: Specifying the Filter Action” (page 26)
“in and out: Specifying the Filter Direction” (page 26)
“proto: Specifying the Upper Layer Protocol” (page 26)
“from and to: Specifying IP Addresses and Subnets” (page 26)
“port: Specifying TCP and UDP Ports” (page 27)
“Rate-based Filtering” (page 28)
“Processing Options: Logging Packets, Optimizing Rule Processing, and Specifying Interfaces” (page 29)
“Option Order” (page 29)
“log: Logging Packets” (page 29)
“quick: Optimizing IPFilter Rules Processing” (page 29)
“on: Filtering by Network Interfaces” (page 30)
“Protocol Options: TCP Flags, IP Options and Fragments, ICMP Types and State Information” (page 31)
“Option Order” (page 31)
“flags: Specifying TCP Header Flags” (page 31)
“with opt and ipopts: Specifying IP Options” (page 32)
“with frag and with short: Selecting Fragmented IP Packets” (page 33)
“icmp-type and code: Filtering ICMP Traffic by Type and Code” (page 33)
“keep state: Protecting TCP, UDP, and ICMP Sessions” (page 33)
“State Aging” (page 36)
“keep frags: Handling IP Fragments” (page 36)
“Sending Responses for Blocked TCP and UDP Packets” (page 38)
“return-rst: Responding to Blocked TCP Packets” (page 38)
“return-icmp-as-dest: Responding to Blocked UDP Packets” (page 38)
“Improving Performance with Rule Groups” (page 39)
“Loading IPv4 Filter Rules” (page 41)
“Verifying IPv4 Filter Rules” (page 41)
“Removing IPFilter Rules” (page 42)
“Rule Tags” (page 42)