HP-UX IPFilter Version 15.01 Administrator's Guide
NOTE: The HP-UX IPFilter installation script disables subnet broadcast packet forwarding by
setting the kernel tunable parameter ip_forward_directed_broadcasts to 0. HP
recommends that you leave this feature disabled unless you have a specific need for your node
to forward subnet broadcast packets. Attackers can use subnet broadcast packet forwarding to
amplify attacks in Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
Removing HP-UX IPFilter
Use the following procedure to remove HP-UX IPFilter.
1. On HP-UX 11i v3 systems, disable HP-UX IPFilter:
/opt/ipf/bin/ipfilter -d
2. Use swremove to remove HP-UX IPFilter:
swremove IPFilter
CAUTION: Disabling or enabling IPFilter using /opt/ipf/bin/ipfilter briefly brings
down all network interface cards and the system will lose network connectivity for a short period.
Unless there is heavy network traffic, this interruption has no or little overall effect on existing
connections.
HP recommends that you do not enable or disable HP-UX IPFilter when critical network
applications are running. If you have applications that may interpret a network interruption as
a network card failure, such as Serviceguard, HP recommends that you schedule enabling or
disabling IPFilter when interrupting network connectivity is not disruptive.
22 Installing HP-UX IPFilter