Manualshelf

HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
61626364656667686970
Each packet descriptor must be contained on one line. By default,
the format for each packet descriptor is as follows:
in|out [on interface] [protocol] src_host[,src_port] dest_host[,dest_port] [flags]
Where:
interface Specifies the interface name, such as lan0.
protocol Specifies the protocol name. Valid values are:
tcp
udp
icmp
icmpv6
src_host Specifies the source IP address or host name.
src_port Specifies the source TCP or UDP port number. You
must specify src_port if you specified the protocol
tcp or udp.
dest_host Specifies the destination IP address or host name.
dest_port Specifies the destination TCP or UDP port number.
You must specify dest_port if you specified the
protocol tcp or udp.
flags Specifies TCP flags as a sequence of one or more
characters that indicate TCP flags. This parameter
is valid only if you specified the protocol tcp. The
valid characters are:
A (ACK - Acknowledgement)
F (FIN - No more data)
P (PUSH - Push function)
R (RST - Reset the connection)
S (SYN - Synchronize sequence numbers)
U (URG - Urgent)
The ipftestutility supports additional options to specify the input format and to control packet
testing. For a complete list of options and uses, see the ipftest manpage.
Example
The following ruleset is used for this example:
block in all
pass in from 10.1.84.195 to any
The input file contains the following packet descriptors:
in on lan0 udp 10.1.84.195,16000 10.1.84.196,16000
in on lan1 udp 10.1.84.195,16000 10.1.85.196,16000
in on lan0 udp 10.1.84.195,16000 10.1.80.196,16000
in on lan0 udp 10.1.85.195,16000 10.1.84.196,16000
in on lan1 udp 10.1.85.195,16000 10.1.85.196,16000
in on lan0 udp 10.1.85.195,16000 10.1.80.196,16000
out on lan0 udp 10.1.84.196,16000 10.1.84.195,16000
out on lan1 udp 10.1.85.196,16000 10.1.84.195,16000
out on lan0 udp 10.1.80.196,16000 10.1.84.195,16000
out on lan0 udp 10.1.84.196,16000 10.1.85.195,16000
out on lan1 udp 10.1.85.196,16000 10.1.85.195,16000
out on lan0 udp 10.1.80.196,16000 10.1.85.195,16000
Testing rules with ipftest 65