HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)
debugging blocked traffic with, 91
gateway, 92
UDP negotiation, 90
IPSec and IPFilter, 90
IPv6
differences, 31
extension headers, 32
features, 31
file configuration, 31
filter rules, 31
fragmentation, 33
ICMPv6 filtering, 32
ipf, 33
protocol-based filtering, 32
rules configuration, 31
stateful ICMPv6, 32
tunneled packets, 32
unsupported features, 31, 102
K
kcmodule, 15
static linking, 122
kctune, 119
keep frags keyword, 26
keep limit
keyword, 35
keep limit rules
adding, 41
adding a subnet or IP address range rule, 41
adding individual rule, 41
changing current rule, 40
extracting, 41
integrating, 41
rule hits, 42
updating, 40
updating a subnet or IP address range, 40
keep state
ICMP, 25
keyword, 23
state table dump, 62
when to use, 23
keeping state
UDP, 24
with servers and flags, 23
kernel tunables
configuring, 119
fr_statemax, 118
fr_tcpidletimeout, 117
ipl_buffer_sz, 118
ipl_logall, 119
ipl_suppress, 119
keywords
bimap, 50
block, 17
flags, 21
from, 17
group, 27
icmp-type, 22, 78
in, 17
ipopts, 21
keep frags, 26
keep limit, 35
keep state, 23
log, 19, 67
map, 45
map-block, 46
on, 20
opt, 21
out, 17
pass, 17
port, 18
portmap, 45
proto, 17
quick, 19
rdr, 46
return-icmp-as-dest, 27
return-rst, 26
to, 17
with frags, 22
with short, 22
kmadmin
static linking, 122
kmsystem
static linking, 123
kmtune, 120
kmupdate
static linking, 123
L
l4check, 48
LARGE NAT, 50
Enabling or disabling LARGE NAT, 50
Tuning the HASH table sizes, 51
limiting connections
by IP address, 35
by subnet, 36
cumulative, 36
default individual limit, 36
loading software, 13
localhost filtering, 59
log keyword, 19, 67
body option, 68
first option, 68
log tags, 29
logging, 71
packets, 19
problems, 72
logging techniques, 67
M
map keyword, 45
map-block keyword, 46
memory allocation, 118
modifying DCA rules, 39
monitoring IPFilter, 68
multi-level grouping, 28
130 Index