HP-UX IPFilter Version 17 Administrator's Guide
pass out quick on lan0 proto udp from any to any port = 53
keep state
block out on lan0 proto udp all
block in on lan0 proto udp all
B.20 BASIC.NAT
#!/sbin/ipnat -f -
#
# THIS EXAMPLE IS WRITTEN FOR IP FILTER 3.3
#
# ppp0 - (external) PPP connection to ISP, address a.b.c.d/32
#
# lan0 - (internal) network interface, address w.x.y.z/32
#
# If only one valid IP address from the ISP, then use this
# rule:
#
map ppp0 w.x.y.z/24 -> a.b.c.d/32 portmap tcp/udp 40000:60000
map ppp0 w.x.y.z/24 -> a.b.c.d/32
#
# If a different dialup IP address is assigned each time, then
# use this rule:
map ppp0 w.x.y.z/24 -> 0/32 portmap tcp/udp 40000:60000
map ppp0 w.x.y.z/24 -> 0/32
#
# If using a class C address space of valid IP addresses from
# an ISP, then use this rule:
#
map ppp0 w.x.y.z/24 -> a.b.c.d/24 portmap tcp/udp 40000:60000
map ppp0 w.x.y.z/24 -> a.b.c.d/24
#
# If using a small number of PCs, use this rule:
#
map ppp0 w.x.y.v/32 -> a.b.c.E/32 portmap tcp/udp 40000:60000
map ppp0 w.x.y.v/32 -> a.b.c.E/32
map ppp0 w.x.y.u/32 -> a.b.c.F/32 portmap tcp/udp 40000:60000
map ppp0 w.x.y.u/32 -> a.b.c.F/32
map ppp0 w.x.y.t/32 -> a.b.c.G/32 portmap tcp/udp 40000:60000
map ppp0 w.x.y.t/32 -> a.b.c.G/32
map ppp0 w.x.y.s/32 -> a.b.c.H/32 portmap tcp/udp 40000:60000
map ppp0 w.x.y.s/32 -> a.b.c.H/32
map ppp0 w.x.y.r/32 -> a.b.c.I/32 portmap tcp/udp 40000:60000
map ppp0 w.x.y.r/32 -> a.b.c.I/32
map ppp0 w.x.y.q/32 -> a.b.c.J/32 portmap tcp/udp 40000:60000
map ppp0 w.x.y.q/32 -> a.b.c.J/32
map ppp0 w.x.y.p/32 -> a.b.c.K/32 portmap tcp/udp 40000:60000
map ppp0 w.x.y.p/32 -> a.b.c.K/32
#
# For ftp to work using the internal ftp proxy, use the
# following rule:
#
map ppp0 w.x.y.z/24 -> a.b.c.d/32 proxy port ftp ftp/tcp
B.21 nat.eg
# map all tcp connections from 10.1.0.0/16 to 240.1.0.1,
# changing the source
# port number to something between 10,000 and 20,000 inclusive.
# For all other
# IP packets, allocate an IP # between 240.1.0.0 and
# 240.1.0.255, temporarily
# for each new user.
#
B.20 BASIC.NAT 139