HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)
A Product specifications
Configuration files
HP-UX IPFilter uses the following configuration files:
• /sbin/init.d/ipfboot
The startup script for the ipf module.
• /etc/rc.config.d/ipfconf
Configuration file for the ipfboot startup script. The information in this file determines how
HP-UX IPFilter starts when the system is booted and also specifies the location of the rules files.
• /etc/opt/ipf/ipf.conf
The default IPFilter IPv4 rules file. Any rules present in this file are automatically loaded at
bootup by the ipfboot startup script.
• /etc/opt/ipf/ipnat.conf
The default IPFilter NAT rules file.
• /etc/opt/ipf/ipf6.conf
The default IPFilter IPv6 rules file.
Example configuration files
HP-UX IPFilter includes example configuration files, installed in the /opt/ipf/examples directory.
See Appendix B (page 106) for more information.
Unsupported features
HP-UX IPFilter does not support the following features:
• Filtering loopback packets. The HP-UX transport stack is optimized so that loopback packets
are not passed to any modules below IP, such as IPFilter. Loopback packets include the
following:
◦ Packets with the destination address in the range 127.0.0.0 - 127.255.255.255
◦ Packets with a destination address that is assigned to a local network interface card
◦ Packets sent to or received from the loopback interface (lo0)
• IPFilter NAT functionality for IPv6
• Dynamic Connection Allocation (DCA) functionality for IPv6 on HP-UX 11i v1
• Using the Remote Procedure Call (RPC) script /etc/opt/ipf/rpc.ipf with IPv6. This script
generates IPFilter rules for RPC ports.
Note that you can still configure IPFilter rules for NFS services by configuring NFS to use static
port numbers. See Chapter 13 (page 87) for more information.
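Because loopback packets never reach IPFilter, rules written against lo0, 127.0.0.0/8, or one of the host's own addresses do not filter locally originated traffic. The following check is an added example, not part of the HP guide or the product: it scans rules text for those three cases. It assumes the caller supplies the list of addresses assigned to local interfaces; the rules, the lan0 interface name, and the addresses shown are constructed samples.

```python
import ipaddress

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample rules file (not from the guide); 192.0.2.10 is assumed
# to be an address assigned to this host's lan0 interface.
SAMPLE_RULES = """\
# constructed example rules
block in quick on lo0 from any to any
pass in quick on lan0 proto tcp from any to 192.0.2.10/32 port = 22 keep state
block out quick on lan0 from any to 127.0.0.0/8
pass out quick on lan0 proto tcp from any to 198.51.100.7 port = 443 keep state
block in on lan0 all
"""

def _destination(tokens):
    """Return the rule's literal destination as an ip_network, else None."""
    if "to" not in tokens[:-1]:
        return None
    try:
        return ipaddress.ip_network(tokens[tokens.index("to") + 1], strict=False)
    except ValueError:  # 'any', hostnames, '!' negation: not analysed here
        return None

def loopback_blind_spots(rules_text, local_addrs):
    """Return (line_number, reason) for rules that loopback traffic bypasses."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        if not tokens:
            continue
        if "on" in tokens[:-1] and tokens[tokens.index("on") + 1] == "lo0":
            findings.append((lineno, "lo0-interface"))
            continue
        dest = _destination(tokens)
        if dest is None:
            continue
        if dest.version == 4 and dest.subnet_of(LOOPBACK_NET):
            findings.append((lineno, "loopback-destination"))
        elif dest.num_addresses == 1 and dest.network_address in local:
            findings.append((lineno, "local-address-destination"))
    return findings

if __name__ == "__main__":
    for lineno, reason in loopback_blind_spots(SAMPLE_RULES, ["192.0.2.10"]):
        print(f"line {lineno}: {reason}")
```

A local-address-destination finding does not mean the rule is dead: it still applies to packets arriving from other hosts, but not to connections the system makes to its own address.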
Supported utilities
HP-UX IPFilter supports the following utilities:
• /sbin/ipf
• /sbin/ipfstat
• /opt/ipf/bin/ipmon
• /opt/ipf/bin/ipftest