HP-UX IPFilter Version 16 Administrator's Guide
Unsupported Features
HP-UX IPFilter does not support the following features:
• Filtering loopback packets. The HP-UX transport stack is optimized so that loopback packets
are not passed to any modules below IP, such as IPFilter. Loopback packets include the
following:
— Packets with the destination address in the range 127.0.0.0 - 127.255.255.255
— Packets with a destination address that is assigned to a local network interface card
— Packets sent to or received from the loopback interface (lo0)
• IPFilter NAT functionality for IPv6
• Dynamic Connection Allocation (DCA) functionality for IPv6 on HP-UX 11i v1
• Using the Remote Procedure Call (RPC) script /etc/opt/ipf/rpc.ipf with IPv6. This
script generates IPFilter rules for RPC ports.
Note that you can still configure IPFilter rules for NFS services by configuring NFS to use
static port numbers. See Chapter 12 (page 103) for more information.
Supported Utilities
HP-UX IPFilter supports the following utilities:
• /sbin/ipf
• /sbin/ipfstat
• /opt/ipf/bin/ipmon
• /opt/ipf/bin/ipftest
• /sbin/ipnat
• /opt/ipf/bin/ipfilter (supported on HP-UX 11i v3 only)
Unsupported Utilities
HP does not support the following public domain IPFilter utilities and commands:
• Rule keywords
— dup-to
— fastroute
— to
• Commands
— ipscan
— ipsyncs
— ipsyncm
— ipfs
— ipsend
— ipresend
• Application proxy
Supported and Unsupported Interfaces
The following table lists the interfaces supported for the current versions of HP-UX IPFilter.
CAUTION: For all versions of HP-UX IPFilter, the unsupported interfaces do not interact with
IPFilter. IPFilter does not block or protect the system from traffic on unsupported interfaces.
On HP-UX 11i v3 systems, you can use the ipfstat -Q command to list the IP interfaces that
are protected by IPFilter.
HP-UX IPFilter is not tested with any third party products.
118 Product Specifications