HP-UX IPFilter Version 17 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software

111

112

113

114

115

116

117

118

119

120

# /sbin/init.d nfs.client start

# /sbin/init.d nfs.server start

3. (Optional) Enter the following command to verify the ports used by the NFS auxiliary

daemons:

# rpcinfo -p

13.3 Using the rpc.ipfboot Script to Update IPFilter Rules

The /etc/opt/ipf/rpc.ipf/rpc.ipfboot script to queries the port mapper and updates

IPFilter rules files with the appropriate port numbers. This script is useful if you cannot run the

auxiliary NFS daemons using fixed ports as described in the previous section, or if you want

IPFilter to process packets for other daemons that use the RPC mechanism.

NOTE: The files and scripts used in this procedure serve as basic building blocks for use at

startup time. All files are installed in /etc/opt/ipf/rpc.ipf. The configuration files must

be present in the appropriate directories for the scripts to work correctly.

To use the /etc/opt/ipf/rpc.ipf/rpc.ipfboot script:

1. Copy the sample file to /etc/rc.config.d/rpc_ipfconf

cp rpc_ipfconf.sample /etc/rc.config.d/rpc_ipfconf

Edit the file as needed.

2. Create the rpc.ipf directory and change to that directory.

mkdir /etc/opt/ipf/rpc.ipf

cd /etc/opt/ipf/rpc.ipf

3. Create an empty RPC rules file.

touch /etc/opt/ipf/rpc.ipf/rpc.rules

4. Start the script configuration.

./rpc.ipfboot start

13.3.1 Rules Files

This section gives details on the two rules files that contain the IPFilter rules for RPC. The two

rules files are:

• The IPFilter rules file specified in $IPF_CONF in /etc/rc.config.d/ipfconf

• The IPFilter RPC rules file specified in $RPC_RULES_FILE specified in /etc/rc.config.d/

rpc_ipfconf

NOTE: See the following section for a description of /etc/rc.config.d/rpc_ipfconf.

A sample file is also provided.

To incorporate the dynamic ports used by the RPC processes, the administrator should decide

the position from which RPC rule should be configured by setting RPC_RULE_POSITION to the

desired value. For example:

RPC_RULE_POSITION=5

The RPC rules will then be added from the 5th position onwards. If there are 10 RPC rules, they

will be inserted at positions 5 to 14. The position must be chosen carefully. If there are only two

rules present, then RPC_RULE_POSITION must be 1,2 or 3 [RPC_RULE_POSITION =

current_#_of_rules]. The Original rules file specified in /etc/rc.config.d/ipfconf

containing other rules is not modified.

114 HP-UX IPFilter and NFS and RPC