Manualshelf

HP-UX IPFilter Version 17 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
21222324252627282930
3 Configuring and Loading IPv4 Filter Rules
This chapter describes how to configure IPFilter rules to filter IPv4 packets. It first describes how
to use the basic rule syntax to create rules that pass or block IPv4 packets based on IP addresses,
protocol, and port number. The chapter then describes additional options and features you can
use to filter IPv4 packets.
This chapter contains the following sections:
“IPv4 Filter Rules Configuration File” (page 27)
“Format” (page 27)
“Rule Order and Processing” (page 27)
“Basic Rule Syntax: Specifying the Action, Direction, Protocol, IP Addresses, and Ports”
(page 28)
“pass and block: Specifying the Filter Action” (page 28)
“in and out: Specifying the Filter Direction” (page 28)
“proto: Specifying the Upper Layer Protocol” (page 28)
“from and to: Specifying IP Addresses and Subnets” (page 28)
“port: Specifying TCP and UDP Ports” (page 29)
“Rate-based Filtering” (page 30)
“Processing Options: Logging Packets, Optimizing Rule Processing, and Specifying Interfaces”
(page 31)
“Option Order” (page 31)
“log: Logging Packets” (page 31)
“quick: Optimizing IPFilter Rules Processing” (page 31)
“on: Filtering by Network Interfaces” (page 32)
“Protocol Options: TCP Flags, IP Options and Fragments, ICMP Types and State Information”
(page 33)
“Option Order” (page 33)
“flags: Specifying TCP Header Flags” (page 33)
“with opt and ipopts: Specifying IP Options” (page 34)
“with frag and with short: Selecting Fragmented IP Packets” (page 35)
“icmp-type and code: Filtering ICMP Traffic by Type and Code” (page 35)
“keep state: Protecting TCP, UDP, and ICMP Sessions” (page 35)
“State Aging” (page 37)
“keep frags: Handling IP Fragments” (page 38)
“Sending Responses for Blocked TCP and UDP Packets” (page 39)
“return-rst: Responding to Blocked TCP Packets” (page 39)
“return-icmp-as-dest: Responding to Blocked UDP Packets” (page 39)
“Improving Performance with Rule Groups ” (page 40)
“Loading IPv4 Filter Rules” (page 42)
“Verifying IPv4 Filter Rules” (page 42)
“Removing IPFilter Rules” (page 43)
“Rule Tags” (page 43)
25