HP-UX IPFilter Version 15.01 Administrator's Guide
Changing the Current Individual, Subnet, or IP Address Range Rule
Updating a Subnet or IP Address Range Rule
Adding New keep limit Rules
To Add a New Individual keep limit Rule:
To Add a New Subnet or IP Address Range Rule:
Integrating keep limit Rules
Extracting an Individual Rule from a Subnet Rule
Enabling and Disabling DCA
Enabling and Disabling DCA Using ipf
Configuring IPFilter to Enable DCA at System Startup Time
Using IPFilter Utilities with DCA
keep limit Rules and Rule Hits
Limits and Hit Counts
Monitoring and Allocating Memory for DCA Data
6 Configuring and Loading Network Address Translation (NAT) Rules
NAT Rules Configuration File
Format
Rule Order and Processing
Using NAT Rules with Filter Rules
Inbound Packets
Outbound Packets
NAT Keywords
map and portmap: Mapping Outbound Packets
Examples
portmap Keyword
map-block: Mapping to a Block of Addresses
rdr: Redirecting Inbound Packets
Redirecting Packets to a Specific Port
Using NAT Redirection with Filtering
Using the rdr and round-robin Keywords for Load Balancing
bimap: Bidirectional Mapping
Loading NAT Rules
7 Tips for Securing Your System
Blocking Services by Port Number and Protocol
Example: Firewall on a Web Server
Example: Firewall for Multiple Services
Creating a Complete Filter by Interface
Combining IP Address and Network Interface Filtering
Using Bidirectional Filtering
Using HP-UX IPFilter with End System Security Features
8 Troubleshooting HP-UX IPFilter
Viewing IPFilter Statistics and Active Rules with ipfstat
Syntax
Options
Examples
Testing Rules with ipftest
Syntax
Options
Example
Logging IPFilter Packets