HP-UX IPFilter Version A.03.05.14 Administrator's Guide
HP-UX and IPv6 Support
Using IPv6 Support in HP-UX IPFilter
Chapter 6 105
Using IPv6 Support in HP-UX IPFilter
IPv6 support has been added to HP-UX IPFilter. The functionality is
mostly equivalent to IPv4 functionality in HP-UX IPFilter. There are
some differences, which are described in this chapter.
Product Configuration
No new software modules or filesets have been introduced in the IPv6
version. The current version of HP-UX IPFilter has been enhanced to
include IPv6 functionality. Filter rules configuration in IPv6 support is
identical to IPv4 support rules configuration. A new file
(/etc/opt/ipf/ipf6.conf) is provided which is read during IPFilter
startup. This file is just like the one provided for IPv4
(etc/opt/ipf/ipf.conf).
Both of these files can be changed, if necessary, by modifying the
IPF_CONF and IPF6_CONF variables in /etc/rc.confif.d/ipfconf.
Product Installation and Dependencies
HP-UX IPFilter IPv6 filtering functionality is dependent on the
Transport patch TOUR 3.1 or later. If this dependency is not met,
IPFilter will be capable of filtering only IPv4 traffic. Therefore, IPv6
traffic will not be secured.
Rules Configuration
Internally, HP-UX IPFilter maintains IPv4 and IPv6 filter rules as
separate rule sets. Each requires separate configuration and
administration. Any given rule will apply to either IPv4 or IPv6, but not
both. These include rules which have addresses and ports specified as
wildcards.
The rule block in from any to any will match to IPv4 traffic or IPv6
traffic. A traffic match will depend upon the command options used while
configuring the rules. New command line options have been introduced
which can be used to apply and operate the IPv6 rules. These options are
further explained in “Commands” on page 106.