HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

-C Deletes the current ruleset.
-F Flushes active mappings.
-r Removes rules from the NAT rules file.
Example
Enter the following command:
ipnat -CF -f /etc/opt/ipf/ipnat.conf
This command flushes any existing NAT rules and removes any active mappings, then loads the
NAT rules in the ipnat.conf file.
The ipfilter utility (HP-UX 11i v3)
The ipfilter utility enables, disables, and reports the IPFilter state. The ipfilter utility is
supported only on HP-UX 11i v3.
Syntax
/opt/ipf/bin/ipfilter -d|e|q|l|ei|di
Options
-e Enables the HP-UX IPFilter module.
-d Disables the HP-UX IPFilter module.
-q Queries the HP-UX IPFilter module and displays whether it is enabled or disabled.
-l Lists the interfaces and shows which are protected or unprotected by IPFilter.
-ei Enables IPFilter in interactive mode.
-di Disables IPFilter in interactive mode.
CAUTION: HP recommends that you enable or disable IPFilter when interrupting network
connectivity is not disruptive. Additionally, HP recommends that you do not enable or disable
HP-UX IPFilter when critical network applications are running.
IMPORTANT: Disabling or enabling IPFilter brings down all IP interfaces, and then brings up
only the IP interfaces configured in the /etc/rc.config.d/netconf and
/etc/rc.config.d/netconf-ipv6 files. IP addresses not configured in the netconf or
netconf-ipv6 file, such as Serviceguard relocatable IP addresses, are not re-enabled.
IMPORTANT: Enabling or disabling IPFilter causes the system to briefly lose network connectivity.
If a system has several IP interfaces or heavy network traffic occurs, the time required to re-establish
network connectivity might be interpreted as a network or card failure. For example, Serviceguard
might interpret a network interruption as a card failure, which can cause it to reform the cluster.
NOTE: The state of HP-UX IPFilter (enabled or disabled) remains the same after the system reboots.
After you have enabled HP-UX IPFilter, disabling or re-enabling is not necessary for normal operation.
Example
Because enabling HP-UX IPFilter brings down all the network interface cards and then brings them
back up, HP recommends that you query the current IPFilter state using the ipfilter -q command
to verify that you need to enable it.
# /opt/ipf/bin/ipfilter -q
# /opt/ipf/bin/ipfilter -e
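A pre-change check for the IMPORTANT note above about addresses that are not re-enabled, as an added example that is not part of the HP guide: it lists live IPv4 addresses with no IP_ADDRESS[n] entry in the netconf file, which would stay down after ipfilter -e or ipfilter -d. The function names, the sample data, and the assumed netstat -in column layout (interface name in column 1, address in column 4) are assumptions; netconf-ipv6 is not covered.

```shell
#!/bin/sh
# Added example: list live IPv4 addresses with no IP_ADDRESS[n] entry in netconf.

# Print every address assigned by an IP_ADDRESS[n]= line in the file "$1".
netconf_addrs() {
    awk -F= '/^[ \t]*IP_ADDRESS\[[0-9]+\]=/ {
        v = $2
        sub(/#.*/, "", v)          # drop a trailing comment
        gsub(/[^0-9.]/, "", v)     # drop quotes and whitespace
        if (v != "") print v
    }' "$1"
}

# Read netstat -in style text on stdin; print "interface address" for each
# non-loopback address that the netconf file "$1" would not bring back up.
unrestored_addrs() {
    known=$(netconf_addrs "$1" | tr '\n' ' ')
    awk -v known="$known" '
        BEGIN { n = split(known, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 && $1 !~ /^lo/ && !($4 in ok) { print $1, $4 }'
}

# Constructed sample data (not from the guide). lan0:1 stands in for a
# relocatable address that was added at run time and is absent from netconf.
demo() {
    conf="${TMPDIR:-/tmp}/netconf.sample.$$"
    cat > "$conf" <<'EOF'
INTERFACE_NAME[0]=lan0
IP_ADDRESS[0]=192.0.2.10
SUBNET_MASK[0]=255.255.255.0
INTERFACE_NAME[1]=lan1
IP_ADDRESS[1]="198.51.100.7"   # quoted value with a comment
EOF
    unrestored_addrs "$conf" <<'EOF'
Name    Mtu   Network      Address      Ipkts Ierrs Opkts Oerrs Coll
lan0    1500  192.0.2.0    192.0.2.10   1200  0     900   0     0
lan0:1  1500  192.0.2.0    192.0.2.50   310   0     280   0     0
lan1    1500  198.51.100.0 198.51.100.7 75    0     60    0     0
lo0     32808 127.0.0.0    127.0.0.1    40    0     40    0     0
EOF
    rc=$?
    rm -f "$conf"
    return $rc
}

demo
```

On a live system the equivalent call would be netstat -in | unrestored_addrs /etc/rc.config.d/netconf, run before changing the IPFilter state; any address it prints has to be restored by other means afterwards.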