HP-UX IPFilter Version 15.01 Administrator's Guide

Table of Contents
About This Document .....................................................................................................13
Intended Audience................................................................................................................................13
New and Changed Information in This Edition...................................................................................13
Typographic Conventions.....................................................................................................................13
Related Information..............................................................................................................................14
Publishing History................................................................................................................................15
HP Encourages Your Comments..........................................................................................................15
1 Overview.......................................................................................................................17
Benefits and Features............................................................................................................................17
Supported and Unsupported Features.................................................................................................18
2 Installing HP-UX IPFilter................................................................................................19
Overview of HP-UX IPFilter Installation..............................................................................................19
Installation and Configuration Checklist........................................................................................19
Step 1: Checking HP-UX IPFilter Installation Prerequisites.................................................................19
Step 2: Installing HP-UX IPFilter..........................................................................................................19
Step 3: Verifying the Installation...........................................................................................................21
Step 4: (Optional) Modifying Kernel Tunable Parameters...................................................................21
Removing HP-UX IPFilter....................................................................................................................22
3 Configuring and Loading IPv4 Filter Rules................................................................23
IPv4 Filter Rules Configuration File.....................................................................................................24
Format..............................................................................................................................................24
Rule Order and Processing..............................................................................................................24
Basic Rule Syntax: Specifying the Action, Direction, Protocol, IP Addresses, and Ports.....................25
pass and block: Specifying the Filter Action...................................................................................25
in and out: Specifying the Filter Direction......................................................................................25
proto: Specifying the Upper Layer Protocol....................................................................................25
from and to: Specifying IP Addresses and Subnets........................................................................25
Examples....................................................................................................................................26
all: Specifying All IP Addresses.................................................................................................26
Example.................................................................................................................................26
port: Specifying TCP and UDP Ports...............................................................................................26
Service Names............................................................................................................................27
Processing Options: Logging Packets, Optimizing Rule Processing, and Specifying Interfaces.........28
Option Order...................................................................................................................................28
log: Logging Packets........................................................................................................................28
quick: Optimizing IPFilter Rules Processing...................................................................................28
on: Filtering by Network Interfaces.................................................................................................29
Protocol Options: TCP Flags, IP Options and Fragments, ICMP Types and State Information..........30
Option Order...................................................................................................................................30
flags: Specifying TCP Header Flags................................................................................................30
with opt and ipopts: Specifying IP Options....................................................................................31
not opt: Specifying Options Not Set...........................................................................................31
ipopts: Specifying Any IP Options.............................................................................................31
with frag and with short: Selecting Fragmented IP Packets...........................................................32
with frag: Selecting IP Packet Fragments...................................................................................32
Table of Contents 3