Manualshelf

HP-UX IPFilter Version A.03.05.14 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
201202203204205206207208209210
Performance Guidelines
Rule Configuration
Appendix C 187
keep limit 500
pass in quick proto tcp from 15.13.104.0/24 to any port = 23
keep limit 500
pass in quick proto tcp from 15.13.105.0/24 to any port = 23
keep limit 500
pass in quick proto tcp from 15.13.106.0/24 to any port = 23
keep limit 500
pass in log limit freq 20 quick proto tcp from any to any
port = 23 keep limit 4
If the ruleset in the previous example is modified to use the group
keyword, it is only necessary for the packet to search four rules
before finding a match. For example:
pass in quick proto tcp from 15.13.2.1-15.13.2.100 to any
port = 23 head 1
pass in quick proto tcp from 15.13.2.1 to any port = 23 keep
limit 1 group 1
pass in quick proto tcp from 15.13.2.2 to any port = 23 keep
limit 2 group 1
.
(15.13.2.3 to 15.13.2.99)
.
pass in quick proto tcp from 15.13.2.100 to any port = 23
keep limit 100 group 1
pass in quick proto tcp from 15.13.103.0/24 to any port = 23
keep limit 500
pass in quick proto tcp from 15.13.104.0/24 to any port = 23
keep limit 500
pass in quick proto tcp from 15.13.105.0/24 to any port = 23
keep limit 500
pass in quick proto tcp from 15.13.106.0/24 to any port = 23
keep limit 500
pass in log limit freq 20 quick proto tcp from any to any
port = 23 keep limit 4