Manualshelf

HP-UX IPFilter Version 15.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
21222324252627282930
3 Configuring and Loading IPv4 Filter Rules
This chapter describes how to configure IPFilter rules to filter IPv4 packets. It first describes how
to use the basic rule syntax to create rules that pass or block IPv4 packets based on IP addresses,
protocol, and port number. The chapter then describes additional options and features you can
use to filter IPv4 packets.
This chapter contains the following sections:
“IPv4 Filter Rules Configuration File” (page 24)
“Format” (page 24)
“Rule Order and Processing” (page 24)
“Basic Rule Syntax: Specifying the Action, Direction, Protocol, IP Addresses, and Ports”
(page 25)
“pass and block: Specifying the Filter Action” (page 25)
“in and out: Specifying the Filter Direction” (page 25)
“proto: Specifying the Upper Layer Protocol” (page 25)
“from and to: Specifying IP Addresses and Subnets” (page 25)
“port: Specifying TCP and UDP Ports” (page 26)
“Processing Options: Logging Packets, Optimizing Rule Processing, and Specifying Interfaces”
(page 28)
“Option Order” (page 28)
“log: Logging Packets” (page 28)
“quick: Optimizing IPFilter Rules Processing” (page 28)
“on: Filtering by Network Interfaces” (page 29)
“Protocol Options: TCP Flags, IP Options and Fragments, ICMP Types and State Information”
(page 30)
“Option Order” (page 30)
“flags: Specifying TCP Header Flags” (page 30)
“with opt and ipopts: Specifying IP Options” (page 31)
“with frag and with short: Selecting Fragmented IP Packets” (page 32)
“icmp-type and code: Filtering ICMP Traffic by Type and Code” (page 32)
“keep state: Protecting TCP, UDP, and ICMP Sessions” (page 32)
“keep frags: Handling IP Fragments” (page 35)
“Sending Responses for Blocked TCP and UDP Packets” (page 36)
“return-rst: Responding to Blocked TCP Packets” (page 36)
“return-icmp-as-dest: Responding to Blocked UDP Packets” (page 36)
“Improving Performance with Rule Groups ” (page 37)
“Loading IPv4 Filter Rules” (page 38)
“Verifying IPv4 Filter Rules” (page 39)
“Removing IPFilter Rules” (page 38)
NOTE: Most of the information in this chapter has been derived from the IPFilter-based Firewalls
HOWTO document written by Brendan Conoby and Erik Fichtner. You can find this document
at the following URL:
http://www.obfuscation.org/ipf/
23