HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)
nomatch ip 28(20) 17 10.1.84.196,16000 > 10.1.81.195,16000
--------------
input: out on lan1 udp 10.1.85.196,16000 10.1.81.195,16000
nomatch ip 28(20) 17 10.1.85.196,16000 > 10.1.81.195,16000
--------------
input: out on lan0 icmp 10.1.84.196 10.1.84.195
nomatch ip 48(20) 1 10.1.84.196 > 10.1.84.195
--------------
input: in on lan0 icmp 10.1.84.195 10.1.84.196
pass ip 48(20) 1 10.1.84.195 > 10.1.84.196
--------------
input: out on lan0 udp 10.1.80.196,16001 10.1.84.195,16000
nomatch ip 28(20) 17 10.1.80.196,16001 > 10.1.84.195,16000
--------------
input: out on lan0 udp 10.1.80.196,16001 10.1.85.195,16000
nomatch ip 28(20) 17 10.1.80.196,16001 > 10.1.85.195,16000
--------------
input: in on lan0 udp 10.1.84.195,16000 10.1.80.196,16001
pass ip 28(20) 17 10.1.84.195,16000 > 10.1.80.196,16001
--------------
input: in on lan0 udp 10.1.85.195,16000 10.1.80.196,16001
block ip 28(20) 17 10.1.85.195,16000 > 10.1.80.196,16001
--------------
Each result is one of the following: pass, block, or nomatch. For HP-UX IPFilter, the default is
pass. From these results you can verify that the filter will behave as intended before you load it.
You can test more complex rulesets and sample traffic that reflect a production environment.
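As an added example (not from the guide), a small Python parser for the ipftest output format shown above: it pairs each input line with the verdict line that follows, treats nomatch as the HP-UX default of pass, and reports any flow whose effective action differs from what the ruleset is expected to do. The sample output embedded in it is copied from the session above.

```python
import re
# Sample ipftest output, copied from the session shown above (three of the
# packets: one that matched no rule, one passed and one blocked).
SAMPLE_OUTPUT = """\
input: out on lan0 icmp 10.1.84.196 10.1.84.195
nomatch ip 48(20) 1 10.1.84.196 > 10.1.84.195
--------------
input: in on lan0 udp 10.1.84.195,16000 10.1.80.196,16001
pass ip 28(20) 17 10.1.84.195,16000 > 10.1.80.196,16001
--------------
input: in on lan0 udp 10.1.85.195,16000 10.1.80.196,16001
block ip 28(20) 17 10.1.85.195,16000 > 10.1.80.196,16001
--------------
"""

# "input: <dir> on <iface> <proto> <src[,port]> <dst[,port]>"
INPUT_RE = re.compile(r"^input: (in|out) on (\S+) (\S+) (\S+) (\S+)$")
# "<verdict> ip <len>(<hdrlen>) <protonum> <src> > <dst>"
RESULT_RE = re.compile(r"^(pass|block|nomatch) ip \d+\(\d+\) \d+ (\S+) > (\S+)$")

def parse_ipftest(output):
    """Pair each 'input:' line with the verdict line that follows it.
    Returns a list of dicts with direction, iface, proto, src, dst, result."""
    verdicts, pending = [], None
    for line in output.splitlines():
        m = INPUT_RE.match(line)
        if m:
            pending = dict(zip(("direction", "iface", "proto", "src", "dst"), m.groups()))
            continue
        m = RESULT_RE.match(line)
        if m and pending is not None:
            pending["result"] = m.group(1)
            verdicts.append(pending)
            pending = None
    return verdicts

def effective_action(result):
    """nomatch falls through to the HP-UX IPFilter default, which is pass."""
    return "pass" if result == "nomatch" else result

def check_expectations(verdicts, expected):
    """Return flows whose effective action differs from expected[(direction, src, dst)]."""
    failures = []
    for v in verdicts:
        want = expected.get((v["direction"], v["src"], v["dst"]))
        got = effective_action(v["result"])
        if want is not None and want != got:
            failures.append((v["direction"], v["src"], v["dst"], want, got))
    return failures
```

Feed it the saved output of an ipftest run and a table of expected actions per flow to turn the manual check described above into a repeatable regression test for a ruleset.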
Logging IPFilter packets
This section describes how to use the log keyword in IPFilter rules to configure logging and how
to use the ipmon utility to view IPFilter log records.
Using the log keyword to configure IPFilter logging
To configure logging, specify the log keyword in an IPFilter rule after the in or out keyword, as
described in Section (page 19). The log keyword directs IPFilter to log packets matching the rule
to the IPFilter logging device, /dev/ipl. To view log entries, use the ipmon utility as described
in Section (page 68). You can use the ipmon -s command to send the output from /dev/ipl
to syslog.
IPFilter supports the following options with the log keyword to refine the log entries:
• level
• first
• body
level log-level
You can control the level of logging IPFilter does by specifying the level log-level option
with the log keyword in a rule.
The syntax for level is:
log level facility.priority | priority
The valid values for facility are:
• mail
• user
• kern
• syslog
• auth
• daemon
• uucp
• news
• lpr
Logging IPFilter packets 67