HP-UX IPFilter Version 16 Administrator's Guide
Controlling ICMPv6 Router Discovery and Neighbor Discovery Messages
By default, HP-UX IPFilter allows ICMPv6 Router Discovery and Neighbor Discovery messages
to bypass (pass through) IPFilter rulesets and always pass in and out of the system. These messages
are:
Router Solicitation (type 133)
Router Advertisement (type 134)
Neighbor Solicitation (type 135)
Neighbor Advertisement (type 136)
Neighbor Discovery Redirect (type 137)
The kernel tunable parameter ipf_icmp6_passthru specifies whether or not IPFilter allows
Router Discovery and Neighbor Discovery messages to bypass the IPFilter rulesets.
Default ValueValid ValuesParameter Name
00 (Router Discovery and Neighbor
Discovery messages bypass
IPFilter)
1 (IPFilter filters Router Discovery
and Neighbor Discovery
messages)
ipf_icmp6_passthru
Configuring ipf_icmp6_passthru
HP strongly recommends that you use the default setting for ipf_icmp6_passthru. However,
if you want to change the setting, use one of the procedures in the sections that follow.
Configuring ipf_icmp6_passthru on HP-UX 11i v2 and HP-UX 11i v3
On HP-UX 11i v2 and HP-UX 11i v3 systems, use the kctune utility to set the value of
ipf_icmp6_passthru as follows:
kctune ipf_icmp6_passthru=value
where:
value is 0 (bypass) or 1 (filter).
Configuring ipf_icmp6_passthru on HP-UX 11i v1
On HP-UX 11i v1 systems, use the ndd utility to set the value of ipf_icmp6_passthru as
follows:
ndd -set /dev/pfil ipf_icmp6_passthru value
where:
value is 0 (bypass) or 1 (filter).
NOTE: You cannot configure ipf_icmp6_passthru in the ndd configuration file read at
system startup time (/etc/rc.config.d/nddconf). When the system starts up, the value for
ipf_icmp6_passthru is reset its default value (1).
Controlling ICMPv6 Router Discovery and Neighbor Discovery Messages 97