HP-UX IPFilter Version 17 Administrator's Guide
/usr/bin/ndd -set /dev/ip ip_forward_directed_broadcasts 1
You can specify ndd tunable values in the /etc/rc.config.d/nddconf file.
Prior to this fix, if you set the ip_forward_directed_broadcasts value to "0" in nddconf,
the ipfboot stop script reset the value back to "1" without referring to the nddconf file. Now,
the /etc/rc.config.d/nddconf file is checked when ipfboot stop is executed. If the
ip_forward_directed_broadcasts value is set in nddconf to 0 or 1, the ipfboot script
does not modify the value with the ndd command.
Fixes for HP-UX 11i v2
QXCR1000923645—Provide tunable to enable/disable NAT functionality.
The new ipnat_enable tunable is provided to enable/disable NAT functionality. By default,
this tunable is set to 1. If you do not use NAT functionality, disabling this tunable will improve
performance.
QXCR1000926726—Multicast packets more than 84 bytes are corrupted in IPFilter and dropped
in IP module.
Multicast packets larger than 84 bytes are now received properly when IPFilter is enabled.
QXCR1000950055—The ipmon utility does not format IP addresses and protocol correctly.
IPv4 addresses are formatted as IPv6 addresses. The protocol is
displayed as 159 instead of TCP, but can be any other value.
QXCR1000971666—ipfboot stop forces ip_forward_directed_broadcasts back to 1
ip_forward_directed_broadcasts is an ndd tunable that enables broadcast messages to
pass through the system. When IPFilter is enabled, the IPFilter startup rc script, ipfboot, is
executed as ipfboot start. The ipfboot script sets the
ip_forward_directed_broadcasts value to "0" using the ndd command:
/usr/bin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
This value is set to stop broadcast storms for security reasons. When IPFilter is disabled with
ipfboot stop, the ip_forward_directed_broadcasts value is reset to "1" using the ndd
command:
/usr/bin/ndd -set /dev/ip ip_forward_directed_broadcasts 1
You can specify ndd tunable values in the /etc/rc.config.d/nddconf file.
Prior to this fix, if you set the ip_forward_directed_broadcasts value to "0" in nddconf,
the ipfboot stop script reset the value back to "1" without referring to the nddconf file. Now,
the /etc/rc.config.d/nddconf file is checked when ipfboot stop is executed. If the
ip_forward_directed_broadcasts value is set in nddconf to 0 or 1, the ipfboot script
does not modify the value with the ndd command.
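The following added example is not part of the original guide and is not HP's ipfboot code. It reads an nddconf file and reports whether the fixed ipfboot stop would leave ip_forward_directed_broadcasts alone or reset it to 1. It assumes the indexed NDD_NAME[n]/NDD_VALUE[n] entry format of nddconf, which this page does not show; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not HP's ipfboot code. Nothing here calls ndd.
# nddconf entries are index-linked: NDD_NAME[n]=<tunable>, NDD_VALUE[n]=<value>.

# Print the value that nddconf file $1 assigns to tunable $2 (nothing if unset).
nddconf_value() {
    [ -r "$1" ] || return 0
    awk -v want="$2" '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[ \t]*NDD_(NAME|VALUE)\[[0-9]+\]=/ {
            line = $0
            sub(/^[ \t]*/, "", line)
            sub(/[ \t]*#.*$/, "", line)              # drop trailing comment
            lb = index(line, "["); rb = index(line, "]")
            key = substr(line, 1, lb - 1)
            idx = substr(line, lb + 1, rb - lb - 1)
            val = substr(line, index(line, "=") + 1)
            gsub(/[" \t]/, "", val)                  # strip quotes and blanks
            if (key == "NDD_NAME") name[idx] = val; else value[idx] = val
        }
        END {
            for (i in name) if (name[i] == want && (i in value)) out = value[i]
            if (out != "") print out
        }
    ' "$1"
}

# keep:<v> = nddconf sets the tunable to 0 or 1, so ipfboot stop leaves it alone
# reset:1  = no usable nddconf entry, so ipfboot stop puts it back to 1
ipfboot_stop_action() {
    v=$(nddconf_value "$1" ip_forward_directed_broadcasts)
    case "$v" in
        0|1) echo "keep:$v" ;;
        *)   echo "reset:1" ;;
    esac
}

# Constructed sample nddconf, not taken from a real host.
SAMPLE="${TMPDIR:-/tmp}/nddconf.sample.$$"; UNSET="$SAMPLE.unset"
trap 'rm -f "$SAMPLE" "$UNSET"' EXIT
cat > "$SAMPLE" <<'EOF'
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_forward_directed_broadcasts
NDD_VALUE[0]=0    # stay off even when IPFilter is stopped
EOF
grep -v 'NDD_VALUE' "$SAMPLE" > "$UNSET"    # same file without the value line
echo "pinned:   $(ipfboot_stop_action "$SAMPLE")"
echo "unpinned: $(ipfboot_stop_action "$UNSET")"
```

A host that must keep directed broadcasts off after IPFilter is stopped should report keep:0 when the function is pointed at /etc/rc.config.d/nddconf.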
Typographic Conventions
This document uses the following typographical conventions:
%, $, or #
A percent sign represents the C shell system prompt. A dollar
sign represents the system prompt for the Bourne, Korn, and
POSIX shells. A number sign represents the superuser prompt.
audit(5)
A manpage. The manpage name is audit, and it is located in
Section 5.