HP-UX IPFilter Version 15.01 Administrator's Guide

with short: Selecting Short Fragments  32
icmp-type and code: Filtering ICMP Traffic by Type and Code  32
keep state: Protecting TCP, UDP, and ICMP Sessions  32
Allocating Memory for the State Table  33
Using Keep State with TCP  33
Idle Timeout  34
Using Keep State with UDP  34
Idle Timeout  34
Using Keep State with ICMP  34
Idle Timeout  34
ICMP Error Status Messages  34
keep frags: Handling IP Fragments  35
Sending Responses for Blocked TCP and UDP Packets  36
return-rst: Responding to Blocked TCP Packets  36
return-icmp-as-dest: Responding to Blocked UDP Packets  36
Improving Performance with Rule Groups  37
Loading IPv4 Filter Rules  38
Removing IPFilter Rules  38
Verifying IPv4 Filter Rules  39
4 Configuring and Loading IPv6 Filter Rules  41
IPv6 Filter Rules Configuration File  41
Features Not Supported with IPv6  42
IPv6 Filter Rule Syntax Differences  42
Specifying Addresses  42
Filtering ICMPv6 Packets  42
Stateful ICMPv6  42
IPv6 Extension Headers  42
Filtering Tunneled Packets  43
Filtering IPv6 Fragments  43
Sending ICMPv6 Responses  44
Loading IPv6 Filter Rules  45
Verifying IPv6 Filter Rules  45
5 Configuring and Loading Dynamic Connection Allocation (DCA) Rules  47
DCA with HP-UX IPFilter  48
Overview: DCA Functionality  48
Using DCA  48
DCA Rules Configuration Files  48
DCA Rule Syntax and Keywords  49
DCA Rule Conditions  49
keep limit: Limiting Connections  49
Limiting Connections by IP Address  49
Limiting Connections by Subnet  50
Limiting Connections by IP Address Range  50
Default Individual Connection Limits  50
return-rst: Returning RESET Packets  50
cumulative: Limiting Cumulative Connections  50
log limit: Logging Exceeded Connections  50
Summary Logs and Cumulative Limits  51
log limit freq: Log Frequency  51
Loading and Modifying DCA Rules  53
Updating keep limit Rules  53
4 Table of Contents