HP-UX IPFilter Version 16 Administrator's Guide
Changing the Current Individual, Subnet, or IP Address Range Rule ... 49
Updating a Subnet or IP Address Range Rule ... 50
Adding New keep limit Rules ... 50
To Add a New Individual keep limit Rule: ... 50
To Add a New Subnet or IP Address Range Rule: ... 50
Integrating keep limit Rules ... 51
Extracting an Individual Rule from a Subnet Rule ... 51
Enabling and Disabling DCA ... 52
Enabling and Disabling DCA Using ipf ... 52
Configuring IPFilter to Enable DCA at System Startup Time ... 52
Using IPFilter Utilities with DCA ... 52
keep limit Rules and Rule Hits ... 53
Limits and Hit Counts ... 53
Monitoring and Allocating Memory for DCA Data ... 54
6 Configuring and Loading Network Address Translation (NAT) Rules ... 55
NAT Rules Configuration File ... 55
Format ... 55
Rule Order and Processing ... 55
Using NAT Rules with Filter Rules ... 55
Inbound Packets ... 55
Outbound Packets ... 56
NAT Keywords ... 57
map and portmap: Mapping Outbound Packets ... 58
Examples ... 58
portmap Keyword ... 58
map-block: Mapping to a Block of Addresses ... 59
rdr: Redirecting Inbound Packets ... 60
Redirecting Packets to a Specific Port ... 60
Using NAT Redirection with Filtering ... 60
Using the rdr and round-robin Keywords for Load Balancing ... 61
bimap: Bidirectional Mapping ... 62
Loading NAT Rules ... 63
7 Tips for Securing Your System ... 65
Blocking Services by Port Number and Protocol ... 65
Example: Firewall on a Web Server ... 65
Example: Firewall for Multiple Services ... 65
Creating a Complete Filter by Interface ... 66
Combining IP Address and Network Interface Filtering ... 66
Using Bidirectional Filtering ... 67
Using HP-UX IPFilter with End System Security Features ... 67
8 Troubleshooting HP-UX IPFilter ... 69
Viewing IPFilter Statistics and Active Rules with ipfstat ... 70
Syntax ... 70
Options ... 70
Examples ... 71
Testing Rules with ipftest ... 75
Syntax ... 75
Options ... 75
Example ... 76
Logging IPFilter Packets ... 78