Manualshelf

HP-UX IPFilter V18.0 Administrator Guide for HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
61626364656667686970
-s Switches the active ruleset with the inactive ruleset. IPFilter maintains
an active ruleset and an inactive ruleset. The active ruleset is the ruleset
used for IPFilter operations, and the inactive ruleset is a supplementary,
reserve ruleset.
If you specify this option with the -6 option, this option affects the IPv6
rulesets; if you specify it without the -6 option, this option affects the
IPv4 rulesets.
-Fa Flushes all rules in the specified ruleset. If you specify this option with
the -6 option, this option affects the IPv6 rulesets; if you specify it
without the -6 option, this option affects the IPv4 rulesets.
-Fi Flushes only the IN rules in the ruleset. If you specify this option with
the -6 option, this option affects the IPv6 rulesets; if you specify it
without the -6 option, this option affects the IPv4 rulesets.
-Fo Flushes only the OUT rules in the ruleset. If you specify this option with
the -6 option, this option affects the IPv6 rulesets; if you specify it
without the -6 option, this option affects the IPv4 rulesets.
-I Specifies that the action applies to the inactive ruleset. If you specify
this option with the -6 option, this option affects the IPv6 ruleset; if
you specify it without the -6 option, this option affects the IPv4 ruleset.
-Z Zeroes out the TCP Connections counters displayed in the ipfstat
output.
-m d|e|q|t Disables or enables DCA mode, queries the DCA mode, or toggles
DCA between being enabled or disabled by using the following
options:
d
Disables DCA.
e
Enables DCA.
q
Queries whether DCA is disabled or enabled.
t
Toggles DCA between disabled or enabled.
There is a single DCA mode for both IPv4 and IPv6 DCA processing.
Specifying the -6 option with the -m option has no effect. See
Section 5.10 (page 40) for more information about how to disable,
enable, query, or toggle DCA.
TIP: If you have no DCA rules (no keep limit rules), HP
recommends that you disable DCA.
-E interface_name Enables IPFilter processing for traffic on a given interface. If you specify
this option with the -6 option, it enables IPv6 IPFilter processing; if
you specify this option without the -6 option, it enables IPv4 IPFilter
processing.
-D interface_name Disables IPFilter processing for traffic on a given interface. If you specify
this option with the -6 option, it disables IPv6 IPFilter processing; if
you specify this option without the -6 option, it disables IPv4 IPFilter
10.1 The ipf utility 69