HP-UX IPFilter Version 15.01 Administrator's Guide

About This Document
This document describes how to install, configure, and troubleshoot HP-UX IPFilter version
15.01.
The latest version of this document can be found online at http://docs.hp.com.
Intended Audience
This document is intended for network managers or network security administrators who install,
configure, and troubleshoot HP-UX IPFilter on HP 9000 systems. Administrators are expected
to have knowledge of HP-UX operating system concepts, commands, and configuration.
Administrators are also expected to have knowledge of TCP/IP networking concepts and network
configuration.
This document is not a tutorial.
New and Changed Information in This Edition
The documentation reflects the following changes to the HP-UX IPFilter product:
Support for IPv6 interfaces on HP-UX 11i v3 systems. In previous releases, IPFilter supported
IPv6 interfaces on HP-UX 11i v1 and HP-UX 11i v2 only.
The Direct Connection Allocation (DCA) feature now supports IPv6 rules.
The ipftest utility now supports IPv6 rules.
The new kernel tunable parameter, ipf_icmp6_passthru. The default setting of this
parameter allows all ICMPv6 Router Discovery and Neighbor Discovery packets to bypass
normal IPFilter rule processing and always pass through the system.
Administrators can now distinguish between IPv4 rule sets and IPv6 rule sets when switching
active and inactive rule sets with the ipf -s command. The ipf -s command now supports
the -6 option to specify the IPv6 rule sets. In previous releases, the ipf -s command
switched active and inactive rule sets for both IPv4 rule sets and IPv6 rule sets.
This document has the following new information and structural changes:
The chapter previously titled Rules and Keywords is now titled “Configuring and Loading
IPv4 Filter Rules.” The Network Address Translation information is now in a separate
chapter, titled “Configuring and Loading Network Address Translation (NAT) Rules.”
The chapter previously titled Firewall Building Concepts is now titled “Tips for Securing Your
System.” Some of the sections in this chapter are now in the chapter “Configuring and
Loading IPv4 Filter Rules.”
Chapter 10, “HP-UX IPFilter and ICMP,” is a new chapter that contains information about
configuring ICMP features for optimal security and how to configure the corresponding
IPFilter rules.
Chapter 12, “HP-UX IPFilter and NFS and RPC,” now contains information about configuring
NFS to use static ports.
Appendix A, “Product Specifications,” is a new appendix that contains information about
HP-UX IPFilter file names, supported and unsupported utilities, and supported and
unsupported links.
Typographic Conventions
This document uses the following typographical conventions:
%, $, or #
A percent sign represents the C shell system prompt. A dollar
sign represents the system prompt for the Bourne, Korn, and
POSIX shells. A number sign represents the superuser prompt.