HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

Contents
HP secure development lifecycle
1 Overview
  Benefits and features
  Supported and unsupported features
2 Installing HP-UX IPFilter
  Overview of HP-UX IPFilter installation
    Installation and configuration checklist
  Step 1: Verifying HP-UX IPFilter installation prerequisites
  Step 2: Installing HP-UX IPFilter
  Step 3: Verifying the installation
  Step 4: (Optional) Modifying kernel tunable parameters
  Removing HP-UX IPFilter
3 Configuring and loading IPv4 filter rules
  IPv4 filter rules configuration file
    Format
    Rule order and processing
  Basic rule syntax: specifying the action, direction, protocol, IP addresses, and ports
    Specifying the filter action: pass and block
    Specifying the filter direction: in and out
    Specifying the upper layer protocol: proto
    Specifying IP addresses and subnets: from and to
      Examples
      Specifying all IP addresses: all
        Example
    Specifying TCP and UDP ports: port
      Service names
  Rate-based filtering
  Processing options: logging packets, optimizing rule processing, and specifying interfaces
    Option order
    Logging packets: log
    Optimizing IPFilter rules processing: quick
    Filtering by network interfaces: on
  Protocol options: TCP flags, IP options and fragments, ICMP types and state information
    Option order
    Specifying TCP header flags: flags
    Specifying IP options: with opt and ipopts
      Specifying options not set: not opt
      Specifying any IP options: ipopts
    Selecting fragmented IP packets: with frag and with short
      Selecting IP packet fragments: with frag
      Selecting short fragments: with short
    Filtering ICMP traffic by type and code: icmp-type and code
    Protecting TCP, UDP, and ICMP sessions: keep state
      Allocating memory for the state table
      Using keep state with TCP
        Idle timeout
      Using keep state with UDP
        Idle timeout
      Using keep state with ICMP
        Idle timeout