HP-UX IPFilter V18.10 Release Notes for HP-UX 11i v3

HP-UX IPFilter, product number B9901AA V18.10 is a TCP/IP packet filter suitable for use as a

system firewall to protect back-end servers. The firewall functions as a security defense by cutting

down the number of exposure points on a machine. Although HP-UX IPFilter is a superset of the

functionality in the IPFilter 3.5 Alpha 5 open source version of the product (developed by Darren

Reed), HP does not support some of the perimeter firewall features in that release. If you are using

features that are not supported by HP, you can request support from the open source IPFilter website.

The URL for this site is http://caligula.anu.edu.au/~avalon.

The HP-UX IPFilter V18.10 product is supported on HP-UX 11i v3 systems. HP-UX IPFilter V18.10

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02713862/c02713862.pdf

HP-UX IPFilter V18.10 provides the following key benefits:

• Protects an individual host on an intranet against internal attacks

• Protects an individual host on an intranet against external attacks which have breached

perimeter defenses

• Provides an alternative to the restricted configuration of Internet Services

• Protects bastion host on the perimeter or in the DMZ

The following major features are included with HP-UX IPFilter V18.10:

• Explicitly permits or denies a packet from passing through based on:

◦ UDP ports and port ranges

◦ ICMP message type and code

◦ Combination of TCP flags

◦ Interface

• Allows control of incoming TCP connections through DCA

• Supports NAT, which lets an intermediate HP-UX system act as a translator of IP addresses

and network ports