HP-UX IPFilter Version 15.01 Administrator's Guide

The ipfilter Utility (HP-UX 11i v3)

The ipfilter utility enables, disables, and reports the IPFilter state. The ipfilter utility is

supported only on HP-UX 11i v3.

Syntax

/opt/ipf/bin/ipfilter -d|e|q

Options

-e

Enables the HP-UX IPFilter module.

-d

Disables the HP-UX IPFilter module.

-q

Queries the HP-UX IPFilter module and displays whether it is enabled or disabled.

CAUTION: Disabling or enabling IPFilter using /opt/ipf/bin/ipfilter briefly brings

down all network interface cards and the system will lose network connectivity for a short period.

Unless there is heavy network traffic, this interruption has no or little effect on existing

connections. However, some applications may interpret a network interruption as a card failure.

For example, Serviceguard may interpret a network interruption as a card failure, which can

cause it to reform the cluster.

HP recommends that you do not enable or disable HP-UX IPFilter when critical network

applications are running. HP recommends that you schedule enabling or disabling IPFilter when

interrupting network connectivity is not disruptive.

NOTE: The state of HP-UX IPFilter (enabled or disabled) remains the same after the system

reboots. After you have enabled HP-UX IPFilter, there is no need to disable it or re-enable it for

normal operation.

Example

Because enabling HP-UX IPFilter brings down all the network interface cards and then brings

them back up, HP recommends that you query the current IPFilter state using the ipfilter

-q command to verify that you need to enable it.

# /opt/ipf/bin/ipfilter -q

# /opt/ipf/bin/ipfilter -e

The ipfilter Utility (HP-UX 11i v3) 93