Manualshelf

HP-UX IPFilter V17.05 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
12345678910
3 Compatibility Information and Installation Requirements
3.1 Software Requirements
The system must have standard HP-UX 11i v3 core products installed. The following patches
are required:
If you are using HP-UX IPFilter with VLAN, you must install the following (or superseding)
patches:
— PHNE_24491 Gigabit Ethernet
— PHNE_25388 LAN
— PHNE_23465 BTLAN
— PHNE_29887 ARPA/Transport
You can also add the following patches for additional functionality:
— PHCO_24118 cumulative SAM/ObAM
— PHNE_24473 nettl(1M), netfmt(1M), nettladm(1M)
You should install HP-UX IPFilter with swinstall (SD-UX) at any time after the system has
been ignited with all other software and applied with all required patches. HP-UX IPFilter is a
dynamically loadable kernel module (DLKM). It will be automatically registered with the running
kernel during product installation.
3.2 Hardware Requirements
HP 9000 workstations and servers and HP Integrity Systems
3.3 OS Platform and Version Compatibility
HP-UX 11i v3
3.4 Other Requirements
ICMPv6 filtering must be carefully configured to ensure that an IPv6 network functions properly.
For example, do not block Neighbor Discovery messages (type 135 and 136). Other examples of
critical ICMPv6 messages are Destination Unreachable (type 1) and Packet Too Big (type 2).
HP-UX IPFilter enables you to uniquely identify an ICMPv6 message using its type and code.
A new keyword, icmpv6-type, is introduced. Use the following rule to pass ICMPv6 type 135
code 0 packets:
pass in quick proto icmpv6 from any to any icmpv6-type 135 code 0
NOTE: The type and code can only be specified as a decimal number.
At minimum, the following rules must be configured:
pass in quick proto icmpv6 from any to any icmpv6-type 133
pass in quick proto icmpv6 from any to any icmpv6-type 134
pass in quick proto icmpv6 from any to any icmpv6-type 135
pass in quick proto icmpv6 from any to any icmpv6-type 136
pass out quick proto icmpv6 from any to any icmpv6-type 133
pass out quick proto icmpv6 from any to any icmpv6-type 134
pass out quick proto icmpv6 from any to any icmpv6-type 135
pass out quick proto icmpv6 from any to any icmpv6-type 136
The following is additional information about message types 133-136:
133—Router solicitation
134—Router advertisement
3.1 Software Requirements 9