Manualshelf

HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
41424344454647484950
l4check cannot add rules with sticky password.
This feature is available only on HP-UX 11i v3.
Syntax
l4check [-nv] -f <filename>
Options
-n Do not add to or delete NAT rdr rules. Only print any action to stdout.
-v Prints verbose output to stdout.
-f <filename> Specifies the configuration file l4check requires. For more information
about how to populate the configuration file, see the /etc/opt/ipf/
l4check.conf_template file.
Sample l4check.config_template file
#
NOTE: ORDER IS IMPORTANT IN THIS FILE
#
# Interface to do the redirections on and the IP address, Port which will be
# targeted.
#
# For Example:
#
# If a connection to say a "192.168.1.2,23" (specified via "remote server"
# directive) is successful with proper response, then with the interface
# details: "interface nf0 192.168.1.1,2100" in the l4check configuration
# file, a nat rdr rule will get dynamically added by l4check as:
#
# rdr nf0 192.168.1.1/32 port 2100 -> 192.168.1.2 port 23 tcp round-robin
#
# If the connection to "192.168.1.2,23" fails, a similar nat rdr rule
# will be dynamically deleted.
#
interface nf0 192.168.1.1,2100
#
# Timeout for a single connection to a "remote server" in Seconds.
#
connect timeout 1
#
# frequency in seconds to check for "remote server" connection
#
connect frequency 20
#
# l4check can send a request string or contents of a file on a successful
# connection to the "remote server". Use the "probe string" or "probe file"
# directive for this.
#
# Comment the "probe" directive, if no probe is required.
#
# If no probe string is specified, a successful connection implies the
# server is still alive.
#
probe string GET /\n\n
#probe file http.check
#
# Waiting time in seconds for a response of a "probe string" or "probe file"
# on a per connection basis.
#
response timeout 4
#
# l4check checks the response from "remote server" by matching it against
# a string or the contents of a file. Use the "response string" or
# "response file" directive for this.
#
response string <HTML>
#response file http.ok
Redirecting inbound packets: rdr 49