Manualshelf

HP-UX IPFilter Version A.03.05.14 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
121122123124125126127128129130
HP-UX and IPv6 Support
Using IPv6 Support in HP-UX IPFilter
Chapter 6110
Routing options header (routing)
Authentication header (ah)
IPSec header (esp)
IPv6 header for tunneled packets(IPv6) (ipv6)
IPv6 fragment (frags)
Currently, filtering is available to either block or pass packets with
designated extension headers. For example, to block all TCP packets
with a Routing options header, use the following rule:
block in proto tcp from any to any with v6hdrs routing
To block all UDP packets with destination option and mobility headers,
use the following rule:
block in proto udp from any to any with v6hdrs
dstopts,mobility
NOTE Extension headers are matched explicitly. A packet with only a routing
header will not match the previous rule. Only packets with both mobility
and destination option headers will match the rule.
Tunneled Packets
HP-UX IPFilter can filter the following types of tunnel packets:
6-in-4—Use the following rule to filter this type of tunnel packet:
ipf -f
block in proto 41 from any to any
6-in-6—Use the following rule to filter this type of tunnel packet:
ipf -6 -f
block in proto 41 from any to any