HP-UX IPFilter V18.0 Administrator Guide for HP-UX 11i v3
allowing traffic through the firewall, 86
bidirectional with IPFilter, 86
debugging blocked traffic with, 86
gateway, 87
UDP negotiation, 85
IPSec and IPFilter, 85
IPv6
differences, 31
extension headers, 32
features, 31
file configuration, 31
filter rules, 31
fragmentation, 33
ICMPv6 filtering, 32
ipf, 33
protocol-based filtering, 32
rules configuration, 31
stateful ICMPv6, 32
tunneled packets, 32
unsupported features, 31, 97
K
kcmodule, 14
static linking, 116
kctune, 114
keep frags keyword, 26
keep limit
keyword, 35
keep limit rules
adding, 39
adding a subnet or IP address range rule, 39
adding individual rule, 39
changing current rule, 38
extracting, 40
integrating, 39
rule hits, 41
updating, 38
updating a subnet or IP address range, 39
keep state
ICMP, 25
keyword, 23
state table dump, 56
when to use, 23
keeping state
UDP, 24
with servers and flags, 23
kernel tunables
configuring, 114
fr_statemax, 113
fr_tcpidletimeout, 112
ipl_buffer_sz, 113
ipl_logall, 114
ipl_suppress, 113
keywords
bimap, 48
block, 17
flags, 21
from, 17
group, 27
icmp-type, 23, 73
in, 17
ipopts, 21
keep frags, 26
keep limit, 35
keep state, 23
log, 19, 61
log limit, 36
log limit freq, 37
map, 43
map-block, 44
on, 20
opt, 21
out, 17
pass, 17
port, 18
portmap, 43
proto, 17
quick, 19
rdr, 44
return-icmp-as-dest, 27
return-rst, 26
to, 17
with frags, 22
with short, 22
kmadmin
static linking, 116
kmsystem
static linking, 117
kmtune, 115
kmupdate
static linking, 117
L
l4check, 46
limiting connections
by IP address, 35
by subnet, 36
cumulative, 36
default individual limit, 36
loading software, 12
localhost filtering, 53
log keyword, 19, 61
body option, 62
first option, 62
log limit freq keyword, 37
log limit keyword, 36
log tags, 30
logging, 65
packets, 19
problems, 66
logging exceeded connections, 36
logging techniques, 61
M
map keyword, 43
map-block keyword, 44
memory allocation, 113
modifying DCA rules, 38
124 Index