HP-UX IPFilter Version A.03.05.14 Administrator's Guide
HP-UX and IPv6 Support
Using IPv6 Support in HP-UX IPFilter
Chapter 6106
Similarly, rules cannot mix IPv4 and IPv6 addresses. For example, the
following rule is not valid:
pass in proto tcp from 101.11.23.1 to 3ffe::2
Filter Rules
The syntax of basic filter rules is not changed for IPv6. The same set of
keywords applies and has the same effect. For example, use the following
rule to block an inbound telnet connection:
block in proto tcp from 3ffe::2 to 3ffe::9 port = 23
Protocol-Based Filtering
There are no major changes for IPv6 protocol-based filtering. Upper layer
protocols can be used in the same method and TCP or UDP can be
specified as for IPv4 rules. The only exception is ICMPv6, which is new
protocol with IPv6.
The keyword to filter ICMPv6 is “icmpv6” or “ipv6-icmp,” which is the
standard keyword specified in /etc/protocols. Also HP-UX IPFilter
can filter any ICMPv6 message type-code pair.
IPv6 extension headers can also be filtered. This is described in “IPv6
Extension Headers” on page 109.
Stateful Filtering
TCP and UDP stateful filtering has not changed for IPv6, because these
protocols have not changed. However, ICMPv6 changes are described in
“Stateful ICMPv6” on page 108.
Commands
The commands used for IPv6 are similar to those used for IPv4, but new
command line options have been introduced.