HP-UX IPFilter V18.0 Administrator Guide for HP-UX 11i v3

11.2.6 Using ndd to configure ICMPv4 kernel parameters
The ICMPv4 (ICMP) kernel tunable parameters in this chapter are all configured using the ndd
utility. Parameter values that you set by running ndd are not retained when the system reboots.
You can configure parameter values in the ndd startup file, /etc/rc.config.d/nddconf, so
ndd will set the configured values each time the system starts up. To add an ICMP configuration
value to /etc/rc.config.d/nddconf, specify ip as the transport name and use the following
syntax:
TRANSPORT_NAME[index]=ip
NDD_NAME[index]=parameter_name
NDD_VALUE[index]=value
where:
index is the index number for the entry in the nddconf file. Index numbers must start from 0 and
increment sequentially.
parameter_name is the name of the ICMP parameter, such as ip_ire_gw_probe.
value is the parameter value.
For example:
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_ire_gw_probe
NDD_VALUE[0]=0
To configure a value for an ICMP parameter using the ndd command, specify /dev/ip as the
network device and use the following syntax:
ndd -set /dev/ip parameter_name value
For example:
ndd -set /dev/ip ip_ire_gw_probe 0
Use the following syntax to query the value of a kernel tunable:
ndd -get /dev/ip parameter_name
For example:
ndd -get /dev/ip ip_ire_gw_probe
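The following shell function is an added example, not part of the original guide or of HP's tooling. It checks nddconf-style entries against the index rule stated above and prints the equivalent ndd -set command for each complete entry. The function name check_nddconf and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not HP tooling. Checks nddconf-style entries against the
# rule stated above: indexes start at 0 and increase by 1, with a
# TRANSPORT_NAME, NDD_NAME and NDD_VALUE line for every index.
# Usage: check_nddconf /etc/rc.config.d/nddconf   (or pipe entries on stdin)
check_nddconf() {
    awk '
    BEGIN { max = -1 }
    /^[ \t]*(TRANSPORT_NAME|NDD_NAME|NDD_VALUE)\[[0-9]+\]=/ {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        lb = index(line, "["); rb = index(line, "]"); eq = index(line, "=")
        key = substr(line, 1, lb - 1)
        idx = substr(line, lb + 1, rb - lb - 1) + 0
        if ((key, idx) in val) { printf "ERROR: duplicate %s[%d]\n", key, idx; bad = 1 }
        val[key, idx] = substr(line, eq + 1)
        if (idx > max) max = idx
    }
    END {
        if (max < 0) { print "ERROR: no ndd entries found"; exit 1 }
        for (i = 0; i <= max; i++) {
            missing = ""
            if (!(("TRANSPORT_NAME", i) in val)) missing = missing " TRANSPORT_NAME"
            if (!(("NDD_NAME", i) in val))       missing = missing " NDD_NAME"
            if (!(("NDD_VALUE", i) in val))      missing = missing " NDD_VALUE"
            if (missing != "") {
                printf "ERROR: index %d missing:%s\n", i, missing
                bad = 1
                continue
            }
            # Assumption: transport "ip" maps to /dev/ip as on this page;
            # other transports are printed the same way.
            printf "ndd -set /dev/%s %s %s\n", val["TRANSPORT_NAME", i], val["NDD_NAME", i], val["NDD_VALUE", i]
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample input: index 1 is skipped, so the check reports it.
printf '%s\n' \
    'TRANSPORT_NAME[0]=ip' 'NDD_NAME[0]=ip_ire_gw_probe' 'NDD_VALUE[0]=0' \
    'TRANSPORT_NAME[2]=ip' 'NDD_NAME[2]=ip_ire_gw_probe' 'NDD_VALUE[2]=0' |
    check_nddconf || echo "nddconf check failed"
```

A non-zero return means at least one index is missing, incomplete or duplicated, so the file should be corrected before relying on it to restore settings at startup.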
11.3 Filtering ICMPv6 packets by type and code: icmpv6-type and code
You can filter specific types of ICMPv6 traffic using the icmpv6-type and code keywords. You
must specify proto icmpv6 to use the icmpv6-type and code keywords. A simplified rule
syntax is as follows:
block|pass in|out [processing_options] proto icmpv6 ip_selector
icmpv6-type type_value [code code_value]
where:
processing_options is one or more processing options, such as quick. See Section 3.4
(page 19).
ip_selector is the IP address specification using the keyword all, or the from and to keywords
and IPv6 addresses. See Section 3.2 (page 16).
type_value is the decimal value for the ICMPv6 type. Note that by default, HP-UX IPFilter allows
ICMPv6 Router Discovery and Neighbor Discovery to bypass IPFilter rulesets and always pass in
and out of the system. See Section 11.4 (page 78) for more information.
code_value is the decimal value for the ICMPv6 code.
The IANA list of assigned ICMPv6 type numbers contains the registered ICMPv6
type and code values and the documents that define these values. This list is available at: