HP-UX IPFilter Version 16 Administrator's Guide

3 Configuring and Loading IPv4 Filter Rules
This chapter describes how to configure IPFilter rules to filter IPv4 packets. It first describes how
to use the basic rule syntax to create rules that pass or block IPv4 packets based on IP addresses,
protocol, and port number. The chapter then describes additional options and features you can
use to filter IPv4 packets.
This chapter contains the following sections:
“IPv4 Filter Rules Configuration File” (page 20)
  “Format” (page 20)
  “Rule Order and Processing” (page 20)
“Basic Rule Syntax: Specifying the Action, Direction, Protocol, IP Addresses, and Ports” (page 21)
  “pass and block: Specifying the Filter Action” (page 21)
  “in and out: Specifying the Filter Direction” (page 21)
  “proto: Specifying the Upper Layer Protocol” (page 21)
  “from and to: Specifying IP Addresses and Subnets” (page 21)
  “port: Specifying TCP and UDP Ports” (page 22)
“Processing Options: Logging Packets, Optimizing Rule Processing, and Specifying Interfaces” (page 24)
  “Option Order” (page 24)
  “log: Logging Packets” (page 24)
  “quick: Optimizing IPFilter Rules Processing” (page 24)
  “on: Filtering by Network Interfaces” (page 25)
“Protocol Options: TCP Flags, IP Options and Fragments, ICMP Types and State Information” (page 26)
  “Option Order” (page 26)
  “flags: Specifying TCP Header Flags” (page 26)
  “with opt and ipopts: Specifying IP Options” (page 27)
  “with frag and with short: Selecting Fragmented IP Packets” (page 28)
  “icmp-type and code: Filtering ICMP Traffic by Type and Code” (page 28)
  “keep state: Protecting TCP, UDP, and ICMP Sessions” (page 28)
  “keep frags: Handling IP Fragments” (page 31)
“Sending Responses for Blocked TCP and UDP Packets” (page 32)
  “return-rst: Responding to Blocked TCP Packets” (page 32)
  “return-icmp-as-dest: Responding to Blocked UDP Packets” (page 32)
“Improving Performance with Rule Groups” (page 33)
“Loading IPv4 Filter Rules” (page 34)
“Verifying IPv4 Filter Rules” (page 35)
“Removing IPFilter Rules” (page 34)
NOTE: Most of the information in this chapter has been derived from the IPFilter-based Firewalls
HOWTO document written by Brendan Conoby and Erik Fichtner. You can find this document
at the following URL:
http://www.obfuscation.org/ipf/