HP-UX IPFilter V18.0 Administrator Guide for HP-UX 11i v3
5.9.2.1 Adding a new individual keep limit rule
5.9.2.2 Adding a new subnet or IP address range rule
5.9.3 Integrating keep limit rules
5.9.4 Extracting an individual rule from a subnet rule
5.10 Enabling and disabling DCA
5.10.1 Enabling and disabling DCA using ipf
5.10.2 Configuring IPFilter to enable DCA at system startup
5.11 Using IPFilter utilities with DCA
5.11.1 keep limit rules and rule hits
5.11.1.1 Limits and hit counts
5.12 Monitoring and allocating memory for DCA data
6 Configuring and loading NAT rules
6.1 NAT rules configuration file
6.1.1 Format
6.1.2 Rule order and processing
6.1.2.1 Using NAT rules with filter rules
6.1.2.1.1 Inbound packets
6.1.2.1.2 Outbound packets
6.2 NAT keywords
6.2.1 Rule examples
6.3 Mapping outbound packets: map and portmap
6.3.1 Examples
6.3.2 portmap keyword
6.3.3 Mapping to a block of addresses: map-block
6.4 Redirecting inbound packets: rdr
6.4.1 Redirecting packets to a specific port
6.4.2 Using NAT redirection with filtering
6.4.3 Using the rdr and round-robin keywords for load balancing
6.4.4 Sticky NAT sessions
6.4.5 Verifying connection health with l4check
6.4.5.1 Known issues and limitations
6.4.5.2 Syntax
6.4.5.3 Options
6.4.5.4 Sample l4check.config_template file
6.5 Bidirectional mapping: bimap
6.6 Loading NAT rules
7 Address pooling
7.1 The ippool utility
7.2 The ippool.conf file
7.3 Configuring address pool
7.3.1 Syntax
7.3.2 Examples
8 Tips for securing your system
8.1 Blocking services by port number and protocol
8.1.1 Example: firewall on a web server
8.1.2 Example: firewall for multiple services
8.2 Creating a complete filter by interface
8.3 Combining IP address and network interface filtering
8.4 Using bidirectional filtering
8.5 Using HP-UX IPFilter with end system security features