HP-UX IPFilter Version A.03.05.14 Administrator's Guide

HP-UX and IPv6 Support
Using IPv6 Support in HP-UX IPFilter
Fragmentation
Unlike IPv4, a fragment cache is not maintained for IPv6 fragments. It is
possible to filter IPv6 fragments using the “with v6hdrs frags” keywords.
Use the following rule to filter IPv6 fragmented traffic:
block in proto udp from any to any with v6hdrs frags
Command and Configuration Examples
To load IPv6 rules from a file containing IPv6 rules:
ipf -6 -f <ipv6 rule file>
To flush IPv6 IN rules:
ipf -6 -Fi
To see rule hits on OUT rules:
ipfstat -6 -oh
To disable IPv6 filtering on LAN0 inet6:
ipf -6 -D lan0
Installation Details and Dependencies
HP-UX IPFilter depends on TOUR 3.1 to provide IPv6 functionality.
IPFilter installs successfully without TOUR 3.1, but IPv6 network
interfaces are not detected.
Features Not Supported with IPv6
The following features are not supported with IPv6:
• Dynamic Connection Allocation (DCA) (the configuration of IPv6
keep limit rules is not allowed)
• IPFilter NAT functionality and the associated commands and
utilities
• The ipftest utility
• RPC scripts
• IPFilter group rules
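
The following pre-load check is an added example, not part of the HP guide: it scans an IPv6 rule file for rules that use the unsupported features listed above and counts the "with v6hdrs frags" rules before the file is passed to ipf -6 -f. The function names and the sample rules are constructed for illustration; matching on head/group (group rules) and map/rdr/bimap (NAT rules) assumes standard IPFilter rule syntax, which this page does not show.

```shell
#!/bin/sh
# Added example (not from the HP guide): check an IPv6 rule file before
# loading it with "ipf -6 -f <ipv6 rule file>".

# lint_ipv6_rules FILE
# Prints "line N: reason: rule" for every rule that uses a feature listed
# as unsupported with IPv6. Returns 1 if anything was flagged, else 0.
lint_ipv6_rules() {
    awk '
    function add(r) { why = why (why == "" ? "" : ", ") r }
    {
        sub(/#.*/, "")                  # strip comments; fields are re-split
        if (NF == 0) next               # blank or comment-only line
        why = ""
        # Assumption: standard IPFilter NAT keywords (ipnat syntax).
        if ($1 == "map" || $1 == "rdr" || $1 == "bimap") add("NAT rule")
        for (i = 1; i <= NF; i++) {
            # "keep limit" is the DCA construct named in the list above;
            # "keep" followed by anything else is not flagged here.
            if ($i == "keep" && $(i + 1) == "limit") add("DCA keep limit")
            # Assumption: standard IPFilter group keywords.
            else if ($i == "head" || $i == "group") add("group rule")
        }
        if (why != "") { printf "line %d: %s: %s\n", NR, why, $0; bad++ }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# count_frag_rules FILE
# Prints how many rules match on IPv6 fragments ("with v6hdrs frags").
count_frag_rules() {
    awk '{ sub(/#.*/, "") }
         /with[ \t]+v6hdrs[ \t]+frags/ { n++ }
         END { print n + 0 }' "$1"
}

# Constructed sample rule file (illustrative only).
sample="${TMPDIR:-/tmp}/ipf6-sample.$$"
cat > "$sample" <<'EOF'
block in proto udp from any to any with v6hdrs frags
pass in quick proto tcp from any to any port = 22 keep state
pass in proto tcp from any to any port = 80 keep limit 10   # DCA
block in quick on lan0 all head 100                         # group rule
EOF
lint_ipv6_rules "$sample" || echo "fix the rules above before loading"
echo "fragment rules: $(count_frag_rules "$sample")"
rm -f "$sample"
```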