HP-UX IPFilter V18.0 Administrator Guide for HP-UX 11i v3
block in from 10.10.10.0/24 to any
The following rule blocks all inbound packets from the addresses 10.10.10.1, 10.10.10.2, and
10.10.10.3 to any IP address:
block in from 10.10.10.1-10.10.10.3 to any
The following rule blocks all inbound packets with the destination address 192.168.2.1:
block in from any to 192.168.2.1
The following rule blocks all inbound packets that do not have the destination address 10.1.1.1:
block in from any to !10.1.1.1
3.2.4.2 Specifying all IP addresses: all
The all keyword is an alternative to the from and to IP address selectors and specifies all IP
addresses (that is, any source address to any destination address).
3.2.4.2.1 Example
block in all
IPFilter expands this rule to block in from any to any.
3.2.5 Specifying TCP and UDP ports: port
You can use IPFilter to block traffic for specific TCP or UDP ports. This feature is useful for blocking
requests to network services such as telnet or rlogin, which are sent to the well-known or
IANA-registered port number for each service.
For example, you can block incoming telnet service requests (which are sent to TCP port 23)
with the following rule:
block in proto tcp from any to any port = 23
You can also pass or block traffic on a range of ports, such as the range of dynamic port numbers
used by client telnet processes. The following is a list of operands you can use with port numbers:
Operand   Alias   Result
<         lt      true if port is less than the specified value
>         gt      true if port is greater than the specified value
=         eq      true if port is equal to the specified value
!=        ne      true if port is not equal to the specified value
<=        le      true if port is less than or equal to the specified value
>=        ge      true if port is greater than or equal to the specified value
3.2.5.1 Service names
You can specify a service name defined in the /etc/services file instead of the port number
when specifying a single port (when using the = operand). For example, you can configure the
following rule:
block in proto tcp from any to any port = telnet
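The selector syntax of sections 3.2.4 and 3.2.5 (from/to with any, a single host, a CIDR block, an address range, ! negation, the all keyword, proto, and the port operands with their aliases, where a service name is accepted only with =) can be checked with the following Python model. It is an added example, not code from the HP-UX IPFilter guide or from the IPFilter project: it parses only the rule forms shown above, evaluates one rule against one packet and does not model how IPFilter orders or combines the rules of a loaded ruleset, and it substitutes a constructed SERVICES table for /etc/services so that it runs offline. The Packet and Rule names, the SERVICES entries and the sample packet are all constructed for this example.

```python
import ipaddress
import operator
from collections import namedtuple

# Constructed stand-in for /etc/services so the example runs offline.
SERVICES = {"telnet": 23, "rlogin": 513, "ftp": 21}

# Port operands from the guide's table: a symbol and its alias behave the same.
PORT_OPS = {"<": operator.lt, ">": operator.gt, "=": operator.eq,
            "!=": operator.ne, "<=": operator.le, ">=": operator.ge}
ALIASES = {"lt": "<", "gt": ">", "eq": "=", "ne": "!=", "le": "<=", "ge": ">="}

# direction: "in"/"out"; proto: "tcp", "udp", ...; dport: destination port or None
Packet = namedtuple("Packet", "direction proto src dst dport", defaults=(None,))
# src/dst/port are predicates built by the parsers below; proto None = any protocol
Rule = namedtuple("Rule", "action direction proto src dst port")

def parse_addr(spec):
    """Address selector: any, host, CIDR or lo-hi range; a leading '!' negates."""
    negate = spec.startswith("!")
    if negate:
        spec = spec[1:]
    if spec == "any":
        test = lambda ip: True
    elif "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(x)) for x in spec.split("-", 1))
        test = lambda ip: lo <= int(ip) <= hi
    else:
        net = ipaddress.IPv4Network(spec, strict=False)   # plain host or CIDR
        test = lambda ip: ip in net
    return (lambda ip: not test(ip)) if negate else test

def parse_port(op, value):
    """'port OP VALUE'; a service name is only valid with the = (eq) operand."""
    op = ALIASES.get(op, op)
    if value.isdigit():
        num = int(value)
    elif op == "=":
        num = SERVICES[value]
    else:
        raise ValueError(f"service name {value!r} requires the = operand")
    pred = PORT_OPS[op]
    return lambda p: pred(p, num)

def parse_rule(text):
    """Rule subset from the guide: action, direction, optional 'proto X',
    'all' or 'from A to B', optional 'port OP VALUE'."""
    tok = text.split()
    action, direction, tok = tok[0], tok[1], tok[2:]
    if action not in ("block", "pass") or direction not in ("in", "out"):
        raise ValueError(f"bad action/direction in: {text}")
    proto = None
    if tok and tok[0] == "proto":
        proto, tok = tok[1], tok[2:]
    if tok[0] == "all":                        # guide: same as 'from any to any'
        src, dst, tok = parse_addr("any"), parse_addr("any"), tok[1:]
    elif tok[0] == "from" and tok[2] == "to":
        src, dst, tok = parse_addr(tok[1]), parse_addr(tok[3]), tok[4:]
    else:
        raise ValueError(f"expected 'all' or 'from A to B' in: {text}")
    port = None
    if tok and tok[0] == "port":
        port, tok = parse_port(tok[1], tok[2]), tok[3:]
    if tok:
        raise ValueError(f"unsupported tokens {tok} in: {text}")
    return Rule(action, direction, proto, src, dst, port)

def rule_matches(rule, pkt):
    """True if every selector of this single rule matches the packet."""
    if pkt.direction != rule.direction or (rule.proto and pkt.proto != rule.proto):
        return False
    if rule.port is not None:
        # A port selector can only match tcp/udp packets that carry a port.
        if pkt.proto not in ("tcp", "udp") or pkt.dport is None or not rule.port(pkt.dport):
            return False
    return rule.src(ipaddress.IPv4Address(pkt.src)) and rule.dst(ipaddress.IPv4Address(pkt.dst))

def matching_rules(rules, pkt):
    """Every rule text whose selectors match pkt (ruleset ordering is not modelled)."""
    return [r for r in rules if rule_matches(parse_rule(r), pkt)]

# The example rules from sections 3.2.4 and 3.2.5 of the guide.
PAGE_RULES = [
    "block in from 10.10.10.0/24 to any",
    "block in from 10.10.10.1-10.10.10.3 to any",
    "block in from any to 192.168.2.1",
    "block in from any to !10.1.1.1",
    "block in all",
    "block in proto tcp from any to any port = 23",
    "block in proto tcp from any to any port = telnet",
]

if __name__ == "__main__":
    # Constructed packet: an inbound telnet request from 10.10.10.7 to 10.1.1.1.
    for r in matching_rules(PAGE_RULES, Packet("in", "tcp", "10.10.10.7", "10.1.1.1", 23)):
        print("matches:", r)
```

Running the block lists the four page rules that match the constructed inbound telnet packet: the /24 rule, block in all, and both port rules; the range rule, the 192.168.2.1 rule and the !10.1.1.1 rule do not match it. A useful check when writing rules is to feed the parser an operand other than = together with a service name, which the model rejects, as the guide's restriction requires.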
3.3 Rate-based filtering
Rate-based filtering controls packet flow by limiting the rate, in packets per second, at which
packets matching a rule pass through the machine. This feature is useful against SYN/ACK flood
attacks.
For example, to pass at most 10 outbound packets per second from any source address to the destination
address 10.1.1.42:
pass out from any to 10.1.1.42/32 pps 10
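The effect of the pps keyword is easiest to see on a concrete packet stream. The following Python model is an added example, not code from the HP-UX IPFilter guide or from the IPFilter project, and it makes one stated assumption: a rule with pps N matches a packet only if fewer than N packets have matched it within the preceding second (a sliding one-second window). The guide does not spell out IPFilter's exact accounting, and what happens to the packets that exceed the rate depends on the rest of the ruleset, which this model leaves out. The arrival times are constructed, in milliseconds, so that the arithmetic stays exact.

```python
from collections import deque

def pps_filter(limit, arrivals_ms):
    """Model of a 'pps N' rule: a packet matches only if fewer than N packets
    matched within the preceding 1000 ms (sliding window). Constructed
    approximation; the guide does not spell out IPFilter's exact accounting.
    arrivals_ms: non-decreasing arrival times in milliseconds.
    Returns one True (matched) / False (over the rate) verdict per packet."""
    window = deque()      # arrival times of packets matched in the last second
    verdicts = []
    for t in arrivals_ms:
        while window and t - window[0] >= 1000:
            window.popleft()
        if len(window) < limit:
            window.append(t)
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts

def evenly_spaced(interval_ms, count, start_ms=0):
    """Constructed arrival times: `count` packets, one every `interval_ms` ms."""
    return [start_ms + i * interval_ms for i in range(count)]

def summarize(limit, arrivals_ms):
    """How many packets the rule matched versus how many exceeded its rate."""
    verdicts = pps_filter(limit, arrivals_ms)
    return {"matched": sum(verdicts), "exceeded": len(verdicts) - sum(verdicts)}

if __name__ == "__main__":
    # The guide's rule 'pass out from any to 10.1.1.42/32 pps 10' under a
    # constructed 20 packet/s burst lasting 1.5 s: 30 packets, 50 ms apart.
    print(summarize(10, evenly_spaced(50, 30)))
```

With a 20 packet/s burst the model matches the first 10 packets, refuses the next 10 because the window is full, and matches 10 more once the first second has elapsed, for 20 of 30; a steady 5 packet/s stream never fills the window and every packet matches.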
18 Configuring and loading IPv4 filter rules