HP-UX IPFilter Version 17 Administrator's Guide
allowing traffic through the firewall, 118
bidirectional with IPFilter, 118
debugging blocked traffic with, 118
gateway, 120
UDP negotiation, 117
IPSec and IPFilter, 117
IPv6
differences, 46
extension headers, 47
features, 46
file configuration, 45
filter rules, 46
fragmentation, 48
ICMPv6 filtering, 46
ipf, 49
protocol-based filtering, 46
rules configuration, 45
stateful ICMPv6, 46
tunneled packets, 47
unsupported features, 46, 128
K
kcmodule, 23
static linking, 149
kctune, 145
keep frags keyword, 38
keep limit
keyword, 53
keep limit rules
adding, 58
adding a subnet or IP address range rule, 58
adding individual rule, 58
changing current rule, 57
extracting, 59
integrating, 58
rule hits, 61
updating, 57
updating a subnet or IP address range, 58
keep state
ICMP, 37
keyword, 35, 36
state table dump, 82
when to use, 36
keeping state
UDP, 37
with servers and flags, 36
kernel tunables
configuring, 145
fr_statemax, 144
fr_tcpidletimeout, 144
ipl_buffer_sz, 144
ipl_logall, 145
ipl_suppress, 145
keywords
bimap, 71
block, 28
flags, 33
from, 28
group, 40
icmp-type, 35, 101
in, 28
ipopts, 34
keep frags, 38
keep limit, 53
keep state, 35
log, 31, 88
log limit, 54
log limit freq, 55
map, 66
map-block, 67
on, 32
opt, 34
out, 28
pass, 28
port, 29
portmap, 66
proto, 28
quick, 31
rdr, 68
return-icmp-as-dest, 39
return-rst, 39
to, 28
with frags, 35
with short, 35
kmadmin
static linking, 149
kmsystem
static linking, 150
kmtune, 146
kmupdate
static linking, 150
L
l4check, 69
limiting connections
by IP address, 53
by subnet, 54
cumulative, 54
default individual limit, 54
loading software, 22
localhost filtering, 77
log keyword, 31, 88
body option, 89
first option, 88
log limit freq keyword, 55
log limit keyword, 54
log tags, 43
logging, 92
packets, 31
problems, 93
logging exceeded connections, 54
logging techniques, 88
M
map keyword, 66
map-block keyword, 67
memory allocation, 144
modifying DCA rules, 57
157