Manualshelf

HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
71727374757677787980
10 HP-UX IPFilter utilities
The ipf utility
The ipf utility performs a broad range of actions on the active and inactive IPFilter rulesets. You
can use ipf to add rules, delete rules, switch active and inactive rulesets, and flush the existing
ruleset from the system. You can perform other actions with ipf. See the ipf manpages for more
information.
Syntax
ipf -options [-f rules_file_name]
Options
The following are a few of the common options used with the ipf utility:
-6 Apply the action to the IPv6 filter ruleset or rulesets, or IPv6 processing.
To use this option, insert it immediately after the ipf command and
before any other options.
If you do not specify the -6 option, IPFilter applies the option to the
IPv4 ruleset or rulesets, or IPv4 processing.
-s Switches the active ruleset with the inactive ruleset. IPFilter maintains
an active ruleset and an inactive ruleset. The active ruleset is the ruleset
used for IPFilter operations, and the inactive ruleset is a supplementary,
reserve ruleset.
If you specify this option with the -6 option, this option affects the IPv6
rulesets; if you specify it without the -6 option, this option affects the
IPv4 rulesets.
-Fa Flushes all rules in the specified ruleset. If you specify this option with
the -6 option, this option affects the IPv6 rulesets; if you specify it
without the -6 option, this option affects the IPv4 rulesets.
-Fi Flushes only the IN rules in the ruleset. If you specify this option with
the -6 option, this option affects the IPv6 rulesets; if you specify it
without the -6 option, this option affects the IPv4 rulesets.
-Fo Flushes only the OUT rules in the ruleset. If you specify this option with
the -6 option, this option affects the IPv6 rulesets; if you specify it
without the -6 option, this option affects the IPv4 rulesets.
-I Specifies that the action applies to the inactive ruleset. If you specify
this option with the -6 option, this option affects the IPv6 ruleset; if
you specify it without the -6 option, this option affects the IPv4 ruleset.
-Z Zeroes out the TCP Connections counters displayed in the ipfstat
output.
-m d|e|q|t Disables or enables DCA mode, queries the DCA mode, or toggles
DCA between being enabled or disabled by using the following
options:
d
Disables DCA.
e
Enables DCA.
74 HP-UX IPFilter utilities