HP-UX IPFilter Version A.03.05.14 Administrator's Guide

HP-UX IPFilter and Serviceguard
Using HP-UX IPFilter with Serviceguard
Chapter 10
For a simplified HP-UX IPFilter configuration, use the following rules:
pass in quick from <clusternodes> to any
pass out quick from any to <clusternodes>
For more restrictive HP-UX IPFilter configurations, use the following
rules to allow only the required cluster services to pass through:
pass in quick proto tcp from <clusternodes> to <clusternodes> port 5299 >< 5305 flags S keep state
pass in quick proto udp from <clusternodes> to <clusternodes> port = 5300 keep state
pass in quick proto udp from <clusternodes> to <clusternodes> port = 5302 keep state
pass in quick proto tcp from <clusternodes> to <clusternodes> port = 5408 flags S keep state
pass in quick proto tcp from <clusternodes> to <clusternodes> port 49151 >< 65536 keep state
pass in quick proto udp from <clusternodes> to <clusternodes> port 49151 >< 65536 keep state
pass out quick proto tcp from <clusternodes> to <clusternodes> port 5299 >< 5305 flags S keep state
pass out quick proto udp from <clusternodes> to <clusternodes> port = 5300 keep state
pass out quick proto udp from <clusternodes> to <clusternodes> port = 5302 keep state
pass out quick proto tcp from <clusternodes> to <clusternodes> port = 5408 flags S keep state
pass out quick proto tcp from <clusternodes> to <clusternodes> port 49151 >< 65536 keep state
pass out quick proto udp from <clusternodes> to <clusternodes> port 49151 >< 65536 keep state
pass in quick proto udp from <clusternodes> to <clusternodes> port = 9 keep state
pass out quick proto udp from <clusternodes> to <clusternodes> port = 9 keep state
In the previous set of rules, <clusternodes> are all nodes in the cluster, including the local node.
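The following script is an added example, not part of the HP guide: it expands the <clusternodes> placeholder in the restrictive rule set into concrete rules, one per source/destination pair, so the result can be reviewed line by line. The node addresses are constructed sample values, and writing one rule per address pair (local node included) is an assumption about how the placeholder is filled in. In ipf syntax the >< operator is an exclusive range, so "port 5299 >< 5305" matches ports 5300 through 5304.

```shell
#!/bin/sh
# Added example (not from the HP guide): expand <clusternodes> into one
# ipf rule per source/destination pair, for both directions.

# Constructed sample addresses (documentation range); list every cluster
# node here, including the local node.
NODES="192.0.2.11 192.0.2.12 192.0.2.13"

# protocol|port match|options, copied from the restrictive rule set above.
SERVICES='tcp|port 5299 >< 5305|flags S keep state
udp|port = 5300|keep state
udp|port = 5302|keep state
tcp|port = 5408|flags S keep state
tcp|port 49151 >< 65536|keep state
udp|port 49151 >< 65536|keep state
udp|port = 9|keep state'

# gen_rules "<space-separated node addresses>"
# Prints 2 * n * n * 7 rules: in and out, every node pair, every service.
gen_rules() {
    for dir in in out; do
        for src in $1; do
            for dst in $1; do
                printf '%s\n' "$SERVICES" |
                while IFS='|' read -r proto port opts; do
                    printf 'pass %s quick proto %s from %s to %s %s %s\n' \
                        "$dir" "$proto" "$src" "$dst" "$port" "$opts"
                done
            done
        done
    done
}

gen_rules "$NODES"
```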