HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Installing and Configuring HP-UX IPFilter
Step 4: Adding Rules to the Rules Files
To add your rules to the /etc/opt/ipf/ipf.conf file (or your chosen
rules file) and to the /etc/opt/ipf/ipnat.conf file, use a text editor
such as vi.
NOTE: DCA rules are added along with IPFilter rules in the
/etc/opt/ipf/ipf.conf file or your selected rules file. DCA rules can
be used with or without IPFilter rules. If using the DCA feature, DCA
mode must be turned on. For more information, see “DCA Mode” on
page 61.
Adding IPFilter Rules
When IPFilter is installed, the default rules file, ipf.conf, is empty. You
must add rules to this file to create a firewall. Alternatively, you can
change the configuration to read different rules files that you specify.
Filtering rules added to /etc/opt/ipf/ipf.conf are loaded when the
system is booted. If you do not want the rules to load at boot, place
your rules in an alternate location, such as /etc/ipf.conf. You can then
load these rules manually using the ipf command.
See the example rulesets in Appendix A, “HP-UX IPFilter Configuration
Examples,” on page 147 for assistance in putting your ruleset together.
You can find additional information on the ipf command in “The ipf
Utility” on page 83.
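The following script is an added example, not taken from this guide: it writes a small ruleset to an alternate rules file, parse-checks it with ipf -n, and only then flushes and loads it with ipf -Fa -f. The ruleset contents, the function names, and the assumption that a clean parse exits 0 and prints nothing are illustrative.

```sh
#!/bin/sh
# Added example (not from the HP guide): stage, check and load a rules file
# kept outside /etc/opt/ipf so it is not loaded at boot.
IPF="${IPF:-ipf}"              # assumption: ipf is on PATH

# Write a small constructed ruleset to the file named in $1.
write_sample_rules() {
    cat > "$1" <<'EOF'
# Constructed sample policy: drop inbound by default, keep SSH reachable,
# and let outbound connections create state so their replies are accepted.
block in all
pass in quick proto tcp from any to any port = 22 flags S keep state
pass out quick proto tcp from any to any flags S keep state
pass out quick proto udp from any to any keep state
pass out quick proto icmp from any to any keep state
EOF
}

# Parse-check $1 with "ipf -n" (no kernel changes), then flush and load it.
load_rules() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Assumption: a clean parse exits 0 and prints nothing; either a
    # non-zero exit or any diagnostic output is treated as a failure.
    errs=$("$IPF" -n -f "$file" 2>&1) || errs="${errs:-ipf exited non-zero}"
    if [ -n "$errs" ]; then
        echo "rules not loaded: $errs" >&2
        return 1
    fi
    # -Fa flushes the active rules; -f then loads the checked file.
    "$IPF" -Fa -f "$file"
}

# Usage: sh load-ipf.sh /etc/ipf.conf
if [ "$#" -gt 0 ]; then
    load_rules "$1"
fi
```

Because the flush and the load happen in one ipf invocation after the check, a file that fails to parse leaves the running ruleset untouched.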
Adding NAT Rules
When IPFilter is installed, the default NAT rules file, ipnat.conf, is
empty. You must add rules to this file to enable NAT. Alternatively, you can
change the configuration to read different NAT rules files that you specify by
changing the default configuration file name or location in the
/etc/rc.config.d/ipfconf file.