HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

IPFilter maintains an active ruleset and an inactive ruleset. The active ruleset is the ruleset used
for IPFilter operations, and the inactive ruleset is a supplementary, reserve ruleset.
By default, IPFilter applies the flush (-F) and file (-f) operations to the active ruleset. You can
also explicitly direct IPFilter to apply an operation to the active ruleset with the -A option. For
example:
ipf -Fa -A -f /etc/opt/ipf/ipf.conf
This command flushes all previously configured rules (-Fa), reads the rules in the
/etc/opt/ipf/ipf.conf file (-f), and loads these rules as the active rules (-A).
To apply the ipf action to the inactive ruleset, specify the -I option. For example, the following
command flushes all rules in the inactive ruleset and adds the rules from the
/etc/opt/ipf/ipf.conf file to the inactive ruleset:
ipf -IFa -f /etc/opt/ipf/ipf.conf
To swap the current active ruleset with the new inactive ruleset, specify the -s option:
ipf -s
To selectively flush only the inbound rules, specify the -Fi option. For example:
ipf -Fi
To selectively flush only the outbound rules, specify the -Fo option. For example:
ipf -Fo
You can also specify the -Fi or -Fo option with a filename. This flushes the inbound or
outbound rules from the current ruleset, then reads in the rules from the specified file. For
example:
ipf -Fo -f /etc/opt/ipf/ipf.conf
Verifying IPv4 filter rules
You can use the following commands to verify IPv4 filter rules:
Use the ipfstat -io command to list the active inbound and outbound rules.
Use the ipf -V command to verify that IPFilter is running.
Use the ipfstat -ioh command to list the active inbound and outbound rules and the
number of hits, or matching packets, for each rule.
For more information about IPFilter utilities, see Chapter 10 (page 74).
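As an added example (not from the guide), the following POSIX sh function performs the staged reload described above: it loads a rule file into the inactive ruleset (-IFa -f), swaps it into the active slot (-s) only if the load succeeded, and then lists the active rules with ipfstat -io. The function name is hypothetical, and ipf and ipfstat are assumed to be on PATH unless overridden through the IPF and IPFSTAT variables.

```shell
#!/bin/sh
# Staged reload of an IPFilter ruleset. The ipf/ipfstat command names are
# assumptions; override IPF/IPFSTAT to point at the installed binaries.
IPF="${IPF:-ipf}"
IPFSTAT="${IPFSTAT:-ipfstat}"

# stage_and_swap RULEFILE
#   1. flush the inactive ruleset and load RULEFILE into it (ipf -IFa -f RULEFILE)
#   2. if that load succeeded, swap inactive and active rulesets (ipf -s)
#   3. list the now-active inbound and outbound rules (ipfstat -io)
# Returns 0 on success, 2 if RULEFILE is unreadable, 1 if a command failed.
# A rule file that fails to load never touches the active ruleset.
stage_and_swap() {
    rulefile=$1
    if [ ! -r "$rulefile" ]; then
        echo "stage_and_swap: cannot read $rulefile" >&2
        return 2
    fi
    # Load into the inactive set; a syntax error here leaves the active set as is.
    if ! "$IPF" -IFa -f "$rulefile"; then
        echo "stage_and_swap: load into inactive ruleset failed; active ruleset unchanged" >&2
        return 1
    fi
    # Promote the staged ruleset.
    "$IPF" -s || return 1
    # Show what is active now.
    "$IPFSTAT" -io
}
```

Run as stage_and_swap /etc/opt/ipf/ipf.conf; setting IPF=echo first gives a dry run that only prints the commands.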
Removing IPFilter rules
You can use the following command to remove rules that are listed in a file from the ruleset:
ipf -r -f delete_rule_file
You can use this command when IPFilter is running.
Rule tags
Log tags
This tag is used in IPF rules to help with parsing log files. Use log tags to find a particular logged
packet belonging to an IPF rule.
For example, to block all TCP packets from 10.1.1.42, have ipmon log those packets to syslog, and
attach the log tag rule1 to the log entries to help with parsing the log file:
block in log proto tcp from 10.1.1.42/32 to any set-tag(log=rule1)
Rule tags 29