HP-UX IPFilter Version A.03.05.14 Administrator's Guide
HP-UX and IPv6 Support
Using IPv6 Support in HP-UX IPFilter
Chapter 6 107
ipf
The ipf command is used to manipulate IPFilter rules. The ipf
command with options has the capability of reading, deleting, or
swapping rules.
The following command reads the rules in the
<rulefile>
, where
<rulefile>
is a file containing a list of rules, and adds them to the IPv4
ruleset:
ipf -f
<rulefile>
The new -6 option must be added if the
<rulefile>
contains IPv6 rules
that must be configured:
ipf -6 -f
<rulefile>
To delete all active IPv6 rules, use the following command:
ipf -6 -Fa
To selectively remove IPv6 rules, use the following command:
ipf -6 -r -f
<rules to be deleted>
Most options to the ipf command, when prepended with the -6 option,
will affect the IPv6 rule set. The one exception is the -s option. The -s
option is used to swap active and inactive rules, but does not require a -6
option. The ipf -s command swaps an active ruleset with an inactive
ruleset for both IPv4 and IPv6.
The following options enable you to control IPFilter processing on a given
IPv6 interface.
-E -6
<interface name>
Enables IPFilter processing for traffic on a given interface.
-D -6
<interface name>
Disables IPFilter processing for traffic on a given interface.
-Q -6
<interface name>
Verifies that IPFilter processing is enabled or disabled for a given
interface.
For example, ipf -D -6 lan0 disables IPFilter processing for traffic on
lan0 and ipf -E -6 lan0 enables IPFilter processing on lan0. ipf -Q
-6 lan0 is used to verify if IPFilter processing is enabled or disabled for
lan0.