HP-UX IPFilter Version 16 Release Notes

OS Platform and Version Compatibility
HP-UX 11i v3 or HP-UX 11i v2.
HP-UX 11i v3 IPFilter Software Requirements
No patches are required to install HP-UX IPFilter version A.11.31.16.
HP-UX 11i v2 IPFilter Software Requirements
This section lists the required and recommended patches for IPFilter on HP-UX 11i v2 systems.
IPv6 Prerequisite
To use IPFilter with IPv6 packets, you must install PHNE_35766 and PHNE_34788, which enable
IPFilter for IPv6. TOUR 3.1 also provides this functionality, so these patches are not required on
systems that already have TOUR 3.1 installed. If you do not meet this requirement, IPFilter will
not filter IPv6 packets, and will allow all IPv6 packets to pass in and out of the system.
Recommended Upgrade
HP recommends that you install the HP-UX 11i v2 December 2006 update.
Hardware Requirements
HP 9000 workstations and servers and HP Integrity Systems
Other Requirements
None.
Disk Space Required for Installation
This product requires 10 Mbytes of disk space.
Common Mistakes or Gotchas
None.
Fixes in This Version
HP-UX IPFilter version 16 includes fixes for the following change requests:
Defect ID: Description

QXCR1000805063: System panic when running the ipfstat command in combination with other
utilities. This is a critical defect.

QXCR1000822487: The ipf command does not return an error when an IPFilter rule contains an
invalid interface type. IPFilter adds the rule to the rule list but ignores the interface type.

QXCR1000822489: The ipf command returns status 0 instead of 1 if the command fails.

QXCR1000822505: When IPFilter blocks an inbound UDP packet that matches a rule with the
return-icmpv6 or return-icmpv6-as-dest keyword, it sends an improperly formatted ICMP
destination unreachable packet with a bad checksum.

QXCR1000807359: If IPFilter Network Address Translation (NAT) rules are used and TCP/UDP
transmit checksum offload (CKO) is configured, the system sends outbound UDP packets with
incorrect checksums. On the remote system, the netstat -s command shows the bad checksums
value for UDP increasing. A packet analyzer such as tcpdump shows invalid UDP checksum values
(bad udp cksum).
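The "bad udp cksum" symptom listed for QXCR1000807359 can be checked without a packet analyzer. The following is an added example, not HP code: it verifies a UDP checksum over the IPv4 pseudo-header (RFC 768) and shows that a datagram whose source address is rewritten, as NAT does, fails verification unless the checksum is recomputed. The addresses, ports and payload are constructed sample values, and the function names are illustrative.

```python
import socket
import struct

UDP_PROTO = 17

def _ones_complement_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with one zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:   # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum for a UDP segment (header + payload) sent from src_ip to dst_ip."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, UDP_PROTO, len(segment)))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]  # checksum field counts as zero
    csum = ~_ones_complement_sum(pseudo + zeroed) & 0xFFFF
    return csum or 0xFFFF  # a computed 0 is transmitted as 0xFFFF

def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    header = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return header[:6] + struct.pack("!H", csum) + payload

def verify_udp(src_ip: str, dst_ip: str, segment: bytes) -> str:
    (stored,) = struct.unpack("!H", segment[6:8])
    if stored == 0:
        return "no checksum"  # legal for UDP over IPv4: sender did not compute one
    return "ok" if stored == udp_checksum(src_ip, dst_ip, segment) else "bad udp cksum"

# Constructed sample values (documentation address ranges).
INSIDE, OUTSIDE, REMOTE = "192.0.2.10", "198.51.100.1", "203.0.113.5"

if __name__ == "__main__":
    seg = build_udp(INSIDE, REMOTE, 40000, 53, b"probe")
    print("before translation:      ", verify_udp(INSIDE, REMOTE, seg))
    # Source address translated, checksum field left untouched.
    print("translated, not updated: ", verify_udp(OUTSIDE, REMOTE, seg))
    # Checksum recomputed for the translated source address.
    fixed = build_udp(OUTSIDE, REMOTE, 40000, 53, b"probe")
    print("translated, recomputed:  ", verify_udp(OUTSIDE, REMOTE, fixed))
```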