HP-UX IPFilter Version 16 Administrator's Guide

Enabling and Disabling DCA

To use DCA, you must enable DCA mode. You can enable or disable DCA mode using the ipf

utility. If you want IPFilter to automatically enable DCA mode at system startup time, you must

also modify the /etc/rc.config.d/ipfconf file.

Enabling and Disabling DCA Using ipf

There is a single DCA mode for both IPv4 and IPv6 addresses. You can use the ipf command

to enable and disable DCA mode. You can also use ipf to query the state of DCA mode, and

toggle between enabled and disabled mode.

DCA mode is disabled by default. To enable DCA, use the following command:

ipf -m e

To disable DCA, use the following command:

ipf -m d

To query the current DCA setting, use the following command:

ipf -m q

You can toggle between being enabled or disabled by using the following command:

ipf -m t

Configuring IPFilter to Enable DCA at System Startup Time

Use the following procedure to configure IPFilter to automatically enable DCA at system startup

time::

1. Open /etc/rc.config.d/ipfconf, the IPFilter startup configuration file.

2. Set the DCA_START flag to 1 to enable DCA.

Alternatively, you can set the DCA_START flag to 0 to disable DCA. This is the default setting.

NOTE: When there are no keep limit rules and no connection allocation configured, HP

recommends that you disable DCA.

Using IPFilter Utilities with DCA

The IPFilter utilities support subcommands to collect data about the connections that are being

controlled. This data includes the source and destination IP address, allocated number of

connections, number of active connections, and number of times the allocated quota of connections

was exceeded. These subcommands are as follows:

• “The ipf Utility” (page 85).

— ipf -Q interface_name

— ipf -E interface_name

52 Configuring and Loading Dynamic Connection Allocation (DCA) Rules