HP-UX IPFilter Version 17 Administrator's Guide

4 Configuring and Loading IPv6 Filter Rules
4.1 IPv6 Filter Rules Configuration File
4.2 Features Not Supported with IPv6
4.3 IPv6 Filter Rule Syntax Differences
4.3.1 Specifying Addresses
4.3.2 Filtering ICMPv6 Packets
4.3.2.1 Stateful ICMPv6
4.3.3 IPv6 Extension Headers
4.3.4 Filtering Tunneled Packets
4.3.5 Filtering IPv6 Fragments
4.3.6 Sending ICMPv6 Responses
4.4 Loading IPv6 Filter Rules
4.4.1 Verifying IPv6 Filter Rules
5 Configuring and Loading Dynamic Connection Allocation (DCA) Rules
5.1 DCA with HP-UX IPFilter
5.1.1 Overview: DCA Functionality
5.1.1.1 Using DCA
5.2 DCA Rules Configuration Files
5.3 DCA Rule Syntax and Keywords
5.3.1 DCA Rule Conditions
5.4 keep limit: Limiting Connections
5.4.1 Limiting Connections by IP Address
5.4.2 Limiting Connections by Subnet
5.4.3 Limiting Connections by IP Address Range
5.4.4 Default Individual Connection Limits
5.5 return-rst: Returning RESET Packets
5.6 cumulative: Limiting Cumulative Connections
5.7 log limit: Logging Exceeded Connections
5.7.1 Summary Logs and Cumulative Limits
5.8 log limit freq: Log Frequency
5.9 Loading and Modifying DCA Rules
5.9.1 Updating keep limit Rules
5.9.1.1 Changing the Current Individual, Subnet, or IP Address Range Rule
5.9.1.2 Updating a Subnet or IP Address Range Rule
5.9.2 Adding New keep limit Rules
5.9.2.1 To Add a New Individual keep limit Rule:
5.9.2.2 To Add a New Subnet or IP Address Range Rule:
5.9.3 Integrating keep limit Rules
5.9.4 Extracting an Individual Rule from a Subnet Rule
5.10 Enabling and Disabling DCA
5.10.1 Enabling and Disabling DCA Using ipf
5.10.2 Configuring IPFilter to Enable DCA at System Startup Time
5.11 Using IPFilter Utilities with DCA
5.11.1 keep limit Rules and Rule Hits
5.11.1.1 Limits and Hit Counts
5.12 Monitoring and Allocating Memory for DCA Data
6 Configuring and Loading Network Address Translation (NAT) Rules
6.1 NAT Rules Configuration File
6.1.1 Format
6.1.2 Rule Order and Processing
6.1.2.1 Using NAT Rules with Filter Rules