Manualshelf

HP-UX IPFilter V18.0 Administrator Guide for HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
71727374757677787980
10.3.2 Options
-e Enables the HP-UX IPFilter module.
-d Disables the HP-UX IPFilter module.
-q Queries the HP-UX IPFilter module and displays whether it is enabled or disabled.
-l Lists the interfaces and shows which are protected or unprotected by IPFilter.
-ei Enables IPFilter in interactive mode.
-di Disables IPFilter in interactive mode.
CAUTION: HP recommends that you enable or disable IPFilter when interrupting network
connectivity is not disruptive. Additionally, HP recommends that you do not enable or disable
HP-UX IPFilter when critical network applications are running.
IMPORTANT: Disabling or enabling IPFilter brings down all IP interfaces, and then brings up
only the IP interfaces configured in the /etc/rc.config.d/netconf and /etc/rc.config.d/
netconf-ipv6 files. IP addresses not configured in the netconf or netconf-ipv6 file, such
as Serviceguard relocatable IP addresses, are not re-enabled.
IMPORTANT: Enabling or disabling IPFilter causes the system to briefly lose network connectivity.
If a system has several IP interfaces or heavy network traffic occurs, the time required to re-establish
network connectivity might be interpreted as a network or card failure. For example, Serviceguard
might interpret a network interruption as a card failure, which can cause it to reform the cluster.
NOTE: The state of HP-UX IPFilter (enabled or disabled) remains the same after the system reboots.
After you have enabled HP-UX IPFilter, disabling or re-enabling is not necessary for normal operation.
10.3.3 Example
Because enabling HP-UX IPFilter brings down all the network interface cards and then brings them
back up, HP recommends that you query the current IPFilter state using the ipfilter -q command
to verify that you need to enable it.
# /opt/ipf/bin/ipfilter -q
# /opt/ipf/bin/ipfilter -e
10.4 The ippool utility
The ippool utility is used to manage information stored in the IP pools subsytem of IPFilter.
For more information, see Chapter 7 (page 49) or the ippool(8) manpage.
10.4.1 Syntax
ippool -options
10.4.2 Global options
-d Toggle debugging of processing the configuration file.
-n Prevents ippool from making ioctl calls or altering the running kernel.
-v Turns verbose mode on.
10.4.3 Command options
-a Adds a new data node to an existing pool in the kernel.
-A Adds a new (empty) pool to the kernel.
10.4 The ippool utility 71