HP-UX IPFilter Version 16 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software

with short: Selecting Short Fragments.......................................................................................28

icmp-type and code: Filtering ICMP Traffic by Type and Code.....................................................28

keep state: Protecting TCP, UDP, and ICMP Sessions.....................................................................28

Allocating Memory for the State Table......................................................................................29

Using Keep State with TCP........................................................................................................29

Idle Timeout..........................................................................................................................30

Using Keep State with UDP.......................................................................................................30

Idle Timeout..........................................................................................................................30

Using Keep State with ICMP......................................................................................................30

Idle Timeout..........................................................................................................................30

ICMP Error Status Messages................................................................................................30

keep frags: Handling IP Fragments.................................................................................................31

Sending Responses for Blocked TCP and UDP Packets.......................................................................32

return-rst: Responding to Blocked TCP Packets.............................................................................32

return-icmp-as-dest: Responding to Blocked UDP Packets............................................................32

Improving Performance with Rule Groups .........................................................................................33

Loading IPv4 Filter Rules.....................................................................................................................34

Removing IPFilter Rules..................................................................................................................34

Verifying IPv4 Filter Rules...............................................................................................................35

4 Configuring and Loading IPv6 Filter Rules................................................................37

IPv6 Filter Rules Configuration File.....................................................................................................37

Features Not Supported with IPv6.......................................................................................................38

IPv6 Filter Rule Syntax Differences......................................................................................................38

Specifying Addresses......................................................................................................................38

Filtering ICMPv6 Packets................................................................................................................38

Stateful ICMPv6.........................................................................................................................38

IPv6 Extension Headers...................................................................................................................38

Filtering Tunneled Packets..............................................................................................................39

Filtering IPv6 Fragments.................................................................................................................39

Sending ICMPv6 Responses............................................................................................................40

Loading IPv6 Filter Rules.....................................................................................................................41

Verifying IPv6 Filter Rules...............................................................................................................41

5 Configuring and Loading Dynamic Connection Allocation (DCA) Rules...............43

DCA with HP-UX IPFilter....................................................................................................................44

Overview: DCA Functionality.........................................................................................................44

Using DCA.................................................................................................................................44

DCA Rules Configuration Files............................................................................................................44

DCA Rule Syntax and Keywords.........................................................................................................45

DCA Rule Conditions......................................................................................................................45

keep limit: Limiting Connections.........................................................................................................45

Limiting Connections by IP Address..............................................................................................45

Limiting Connections by Subnet.....................................................................................................46

Limiting Connections by IP Address Range...................................................................................46

Default Individual Connection Limits............................................................................................46

return-rst: Returning RESET Packets....................................................................................................46

cumulative: Limiting Cumulative Connections...................................................................................46

log limit: Logging Exceeded Connections............................................................................................46

Summary Logs and Cumulative Limits..........................................................................................47

log limit freq: Log Frequency ...............................................................................................................47

Loading and Modifying DCA Rules.....................................................................................................49

Updating keep limit Rules...............................................................................................................49

4 Table of Contents