Manualshelf

HP-UX IPFilter V18.0 Administrator Guide for HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
41424344454647484950
7 Address pooling
NOTE: Address pooling is available only on HP-UX 11i v3.
7.1 The ippool utility
Address pools establish a single reference that is used to name a group of address/netmask pairs.
Address pools:
Facilitate management of large groups of addresses
Reduce time to match IP addresses with rules
Improve performance
The ippool utility manages information stored in the IP pools subsystem of IPFilter. Configuration
file information can be parsed and loaded into the kernel. Configured pools can be removed,
changed, or inspected. For more information, see the ippool(1M) and ippool(4) manpages.
7.2 The ippool.conf file
The IP pool configuration file defines a single object that contains a reference to multiple IP
address/netmask pairs. A pool can consist of a mixture of netmask sizes from 0 to 32.
NOTE: Only IPv4 addressing is supported.
The IP pool configuration file provides the table command to efficiently match IP addresses with
rules. The table command defines a lookup table that provides a single filter rule reference to
multiple targets.
The ippool.conf file is provided in /etc/opt/ipf/ippool.conf. When ipfilter is
enabled, any pools defined in ippool.conf are loaded .
NOTE: If rules are defined for ippool, verfy that the corresponding pools are defined in /etc/
opt/ipf/ippool.conf. Otherwise, the ipf rules for the corresponding pools are not loaded
when ipfilter is enabled.
The following storage formats are provided:
The hash table format is used with objects that contain the same netmask or a few different
sized netmasks of non-overlapping address space.
The tree structure supports exceptions to a covering mask. Searching is also supported.
NOTE: If the storage format is not specified with the t option, the storage format will be tree
structure by default.
IMPORTANT: Pools defined in the configuration file must have an associated role. The only
supported role is ipf.
For more information and examples, see the ippool(4) manpage.
7.3 Configuring address pool
7.3.1 Syntax
table role = <role name> type = <storage format> name = <pool name>
{Address list separated by semicolon}
Where
7.1 The ippool utility 49