Manualshelf

HP-UX IPFilter Version 17 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
141142143144145146147148149150
For example (using the above NAT rules), if you wanted to
prevent all hosts in the 10.1.2.0/24 subnet from using NAT, you
might use the following rule with ipf:
block out on ppp0 from 10.1.2.0/24 to any
block in on ppp0 from any to 10.1.2.0/24
and use these with ipnat:
map ppp0 10.1.0.0/16 -> 209.23.1.0/28 portmap tcp/udp 10000:40000
map ppp0 10.1.0.0/16 -> 209.23.1.0/28 portmap
B.23 ipmon.conf
match { logtag = 10000 }
do { execute "/usr/bin/mail -s 'logtag 10000' root" };
match { logtag = 2000, protocol = tcp }
do { execute "echo 'XXXXXXXX tag 2000 packet XXXXXXXX'" };
#
match { protocol = udp, result = block }
do { execute "/usr/bin/mail -s 'blocked udp' root"
};
#
match {
srcip = 10.1.0.0/16, dstip = 192.168.1.0/24 }
do { execute "/usr/bin/mail -s 'from 10.1 to 192.168.1' root"
};
#
match {
rule = 12, logtag = 101, direction = in, result = block,
protocol = udp, srcip = 10.1.0.0/16, dstip = 192.168.1.0/24 }
do { execute "run shell command"
};
B.24 pool.conf
table role = ipf type = tree number = 100
{ 1.1.1.1/32; 2.2.0.0/16; 2.2.2.0/24; };
table role = ipf type = hash number = 100 size = 5
{ 1.1.1.1/32; 2.2.0.0/16; 2.2.2.0/24; };
B.23 ipmon.conf 141