Manualshelf

HP-UX IPFilter V18.0 Administrator Guide for HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
11121314151617181920
NOTE: Do not run the HP-UX IPFilter product when the system is booted in single-user mode.
2.4 Step 3: Verifying the installation
Use the following commands to verify the HP-UX IPFilter installation.
1. Verify HP-UX IPFilter is running:
ipf -V
ipf: HP IP Filter: v3.5alpha5 (A.11.31.18.00) (488)
Kernel: HP IP Filter: v3.5alpha5 (A.11.31.18.00)
Enabled: yes
Filtering: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
2. Verify HP-UX IPFilter is correctly loaded.
On HP-UX 11i v2 and HP-UX 11i v3:
# kcmodule -v -q pfil
# kcmodule -v -q ipf
Verify that the state is loaded.
2.5 Step 4: (Optional) Modifying kernel tunable parameters
HP-UX IPFilter supports kernel tunable parameters that affect IPFilter logging behavior and the
IPFilter state table. For information about modifying the parameters, see Appendix C (page 112).
In addition, Chapter 11 (page 73) describes system kernel tunable parameters that control ICMP
features and how to configure the parameters to optimize security.
NOTE: The HP-UX IPFilter installation script disables subnet broadcast packet forwarding by
setting the kernel tunable parameter ip_forward_directed_broadcasts to 0. HP recommends
that you leave this feature disabled unless you have a specific need for your node to forward subnet
broadcast packets. Attackers can use subnet broadcast packet forwarding to amplify attacks in
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
2.6 Removing HP-UX IPFilter
Use the following procedure to remove HP-UX IPFilter.
14 Installing HP-UX IPFilter