HP-UX IPFilter Version A.03.05.14 Administrator's Guide
193
A
active rules list
, 11
adding keep limit rules, 57
B
bidirectional filtering
in keyword
, 26
out keyword, 26
bidirectional filtering with IPSec, 132
bimap keyword, 40
block keyword, 26
blocked traffic
IPSec
correcting
, 133
C
checklist
installation and configuration
, 3
commands
unsupported, 102
configuration
checklist
, 3
IPv6, 105
rules file, 24
rules processing, 25
verifying, 13
configuration examples, 149
configuring
file conventions
, 10, 24
configuring variables, 60
D
DCA
keywords
, 47
logging command, 95
overview, 45
processing commands, 84
remote failover, 145
rule modifications, 55
setting mode, 61, 84
syntax, 52
variables, 59
DCA keywords
keep limit, 47
log limit, 49
log limit freq, 51
DCA_START configuration option, 61
debugging
ipfstat utility, 88
Denial of Service attack defense, 30
drop-safe logging
to keyword
, 75
dup-to keyword, 38
Dynamic Connection Allocation
See DCA
dynamic linking
, 180
E
examples
configuration
basic
, 149, 152
TCP, 171
extension headers
IPv6, 109
extracting keep limit rules, 58
F
filtering
bidirectional
, 26
by interface, 27
by IP address, 28
by subnet, 28
by TCP header flags, 35
ICMP packets, 31
IP address and interface, 28
IPv6, 106
localhost, 74
on IP options, 30
package IP address, 140
port number, 33
filtering on flags
confusing with keeping state, 66
firewall
basic configuration, 23
flags keyword, 35
fr_limitmax limits, 60
fr_statemax, 59
fr_statemax limits, 59
fr_tcpidletimeout, 60
fragmentation
IPv6
, 111
from keyword, 28
FTP
active FTP
client
, 119
server, 117
how it works, 115
passive FTP
client
, 120