HP-UX IPFilter Version 15.01 Release Notes

1 HP-UX IPFilter Release Notes
Announcement
HP-UX IPFilter, product number B9901AA version 15.01, is a TCP/IP packet filter suitable for
use as a system firewall. The version strings are as follows:
HP-UX IPFilter Version String    OS Version
A.11.31.15.01                    HP-UX 11i v3
A.11.23.15.01                    HP-UX 11i v2
A.11.11.15.01                    HP-UX 11i v1
HP-UX IPFilter functions as a firewall by examining and limiting packets allowed in and out of
an HP-UX system, which can be either an end node or an IP router. Although HP-UX IPFilter is
a superset of the functionality in the IPFilter 3.5 Alpha 5 open source version of the product
(developed by Darren Reed), HP does not support some of the perimeter firewall features in that
release, such as firewall stealth (fastroute). If you are using features that are not supported by
HP, you can request support from the open source IPFilter web site at the following URL:
http://caligula.anu.edu.au/~avalon
For a complete list of commands and utilities that are not supported by HP, see “Supported and
Unsupported Features” (page 6).
HP-UX IPFilter version 15.01 is available from the HP Software Depot at the following URL:
http://www.software.hp.com.
What’s New in This Version
HP-UX IPFilter version 15.01 supports the following new features:
• Support for IPv6 interfaces on HP-UX 11i v3 systems. In previous releases, IPFilter supported
  IPv6 interfaces on HP-UX 11i v1 and HP-UX 11i v2 only.
• The Dynamic Connection Allocation (DCA) feature now supports IPv6 rules.
• The ipftest utility now supports IPv6 rules.
• The kernel tunable parameter, ipf_icmp6_passthru. The default setting of this parameter
  allows all ICMPv6 Router Discovery and Neighbor Discovery packets to bypass normal
  IPFilter rule processing and always pass through the system.
• Administrators can now distinguish between IPv4 rule sets and IPv6 rule sets when switching
  active and inactive rule sets with the ipf -s command. The ipf -s command now supports
  the -6 option to specify the IPv6 rule sets. In previous releases, the ipf -s command
  switched active and inactive rule sets for both IPv4 rule sets and IPv6 rule sets.
• Defect fixes.
For more information about the defect fixes, see “Fixes in This Version” (page 7) of this release
note.
Known Problems and Workarounds
• On HP-UX 11i v1 systems, DCA is not supported with IPv6 addresses.
• The startup script for HP-UX IPFilter automatically disables the ip_forward_directed_broadcasts
  parameter. This keeps the system from being subjected to broadcast-storm attacks that can
  bring down a network.