HP-UX IPFilter Version 16 Administrator's Guide

example.7
# block all ICMP packets.
# No interface is named, so this applies to inbound ICMP on every interface.
# IPFilter acts on the last matching rule unless a rule carries "quick", so
# the pass rules below override this one for the packets they match.
#
block in proto icmp all
#
# allow in ICMP echos and echo-replies.
# Only lan1 is opened; echo and echo-reply arriving on any other interface
# still fall under the block above. These rules are stateless: an echo-reply
# is accepted from any source whether or not this host sent a matching echo.
#
pass in on lan1 proto icmp from any to any icmp-type echo
pass in on lan1 proto icmp from any to any icmp-type echorep
#
# block all ICMP destination unreachable packets which are
# port-unreachables
# When loaded together with the blanket block at the top this rule changes
# nothing, since unreachables are already dropped; it matters only in a
# ruleset that otherwise passes ICMP.
# NOTE(review): the blanket block also drops unreach code 4
# (fragmentation needed), which path MTU discovery depends on -- confirm
# that is intended before reusing this example.
#
block in on lan1 proto icmp from any to any icmp-type unreach code 3
example.8
#
# block all incoming TCP connections but send back a TCP-RST
# for ones to the ident port
# "flags S/SA" inspects only the SYN and ACK bits and matches when SYN is
# set and ACK is clear, i.e. the first segment of a new connection.
# The first rule drops such segments without any reply.
#
block in proto tcp from any to any flags S/SA
# "quick" makes this decision final, so no later rule in a larger ruleset
# can override the RST reply for connection requests to port 113.
block return-rst in quick proto tcp from any to any port = 113 flags S/SA
#
# block all inbound UDP packets and send back an ICMP error.
# No interface is named and there is no "quick": this covers inbound UDP on
# every interface unless a later rule passes it.
# NOTE(review): answering every blocked datagram discloses the filter to
# the sender and sends ICMP to whatever source address the datagram
# claimed; consider a plain "block" on untrusted interfaces.
#
block return-icmp in proto udp from any to any
example.9
# drop all packets without IP security options
# The blanket block comes first; the pass rule that follows is the last
# match for any inbound packet carrying a security option, so only those
# packets are admitted.
# NOTE(review): an IP security option is a label in the packet header and
# is not authenticated by these rules; any sender can set it. Treat this
# as policy enforcement inside a network whose hosts are trusted to label
# correctly, not as a defence against an untrusted sender.
#
block in all
pass in all with opt sec
#
# only allow packets in and out on lan0 which are top secret
# Each direction is a block/pass pair: everything on lan0 is blocked, then
# packets whose security option carries class "topsecret" are passed.
# Because the inbound lan0 pair follows "pass in all with opt sec", lan0
# ends up stricter than the other interfaces, which accept any security
# option.
#
block out on lan0 all
pass out on lan0 all with opt sec-class topsecret
block in on lan0 all
pass in on lan0 all with opt sec-class topsecret
example.10
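#
# pass ack packets (ie established connection)
# "flags A/A" matches any TCP segment that has ACK set. The match is
# stateless: a segment with ACK set is passed whether or not it belongs to
# a connection this filter has seen, so these rules alone do not prove a
# session exists. "keep state" on the rule that admits the initial SYN is
# the stateful alternative.
# Each rule is written on one line; the printed guide wrapped it before
# "flags".
#
pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
pass out proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
#
# block incoming connection requests to my internal network
# from the internet.
#
block in on lan0 proto tcp from any to 10.1.0.0/16 flags S/SA
# block the replies:
# "flags SA/SA" matches segments with both SYN and ACK set. The source
# carries the /16 mask so the rule covers the whole internal network; a
# bare 10.1.0.0 would be read as a single host.
block out on lan0 proto tcp from 10.1.0.0/16 to any flags SA/SA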
example.11
#
# allow any TCP packets from the same subnet as foo is on