HP-UX IPFilter Version A.03.05.14 Administrator's Guide

HP-UX IPFilter Configuration Examples
BASIC_2.FW
Appendix A
# loopback interface should *NOT* exist
block in log quick from 127.0.0.0/8 to any group 100
block in log quick from any to 127.0.0.0/8 group 100
block in log quick from 127.0.0.0/8 to any group 200
block in log quick from any to 127.0.0.0/8 group 200
#-------------------------------------------------------
# Allow any communication between the inside network and the
# outside only.
#
# Allow all outgoing connections (SSH, TELNET, FTP, WWW,
# gopher, etc)
#
pass in log quick proto tcp all flags S/SA keep state group 200
#
# Support all UDP ‘connections’ initiated from inside.
#
# Allow ping out
#
pass in log quick proto icmp all keep state group 200
#-------------------------------------------------------
# Log these:
# ==========
# * return RST packets for invalid SYN packets to help the
# other end close
block return-rst in log proto tcp from any to any flags S/SA group 100
# * return ICMP error packets for invalid UDP packets
block return-icmp(net-unr) in proto udp all group 100
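
How the `flags S/SA` test in the two TCP rules above selects packets, as an added example that is not part of the HP guide or of IPFilter itself. The function names, the `TCP_RULES` table and the sample flag combinations are constructed for illustration, and only the explicit value/mask form of the flags spec is handled.

```python
# TCP header flag bits, keyed by the single-letter names used in ipf rules.
TCP_FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

def to_bits(letters):
    """Convert a string such as "SA" into a TCP flag bitmask."""
    bits = 0
    for ch in letters.upper():
        if ch not in TCP_FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= TCP_FLAG_BITS[ch]
    return bits

def parse_flags_spec(spec):
    """Split "S/SA" into (value_bits, mask_bits)."""
    value, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("expected the explicit value/mask form, e.g. S/SA")
    value_bits, mask_bits = to_bits(value), to_bits(mask)
    if value_bits & ~mask_bits:
        # A value bit outside the mask could never compare equal below.
        raise ValueError("value contains a flag that the mask does not examine")
    return value_bits, mask_bits

def flags_match(spec, packet_flags):
    """Only the masked flags are examined; of those, exactly the value must be set."""
    value_bits, mask_bits = parse_flags_spec(spec)
    return (to_bits(packet_flags) & mask_bits) == value_bits

# The two TCP rules from this listing, reduced to (group, flags spec, action).
TCP_RULES = [
    ("200", "S/SA", "pass keep state"),
    ("100", "S/SA", "block return-rst"),
]

def tcp_action(group, packet_flags):
    """Return the action of the first listed TCP rule that matches, or None."""
    for rule_group, spec, action in TCP_RULES:
        if rule_group == group and flags_match(spec, packet_flags):
            return action
    return None

if __name__ == "__main__":
    # Constructed flag combinations: SYN, SYN+ACK, ACK, SYN+FIN, RST, none.
    for group in ("200", "100"):
        for flags in ("S", "SA", "A", "SF", "R", ""):
            print(group, flags or "(none)", tcp_action(group, flags))
```

Because the mask covers only SYN and ACK, a SYN+FIN packet matches `S/SA` just as a plain SYN does, while SYN+ACK and bare ACK packets fall through both rules.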