HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Installing and Configuring HP-UX IPFilter

Step 5: Loading IPFilter and NAT Rules

Chapter 1 11

• Flush rules from your ruleset using the -Fa option of the ipf

command:

ipf -Fa

The -Fa option flushes previously configured rules. The -A option

specifies the active rules list. For example:

ipf -Fa -A -f /etc/opt/ipf/ipf.conf

The previous command flushes the previously configured rules,

specifies /etc/opt/ipf/ipf.conf as the active rules file, and loads

the rules in /etc/opt/ipf/ipf.conf for immediate use.

Optionally, use the -I option if you do not want to save previously

configured rules. This command adds rules to the inactive rule list.

For example:

ipf -I -Fa -A -f /etc/opt/ipf/ipf.conf

This command enables the new rules. The -I option swaps the active

rules you just configured with the inactive rules. To make the old

rules effective again, use ipf -s to swap the rulesets.

The -Fi command flushes only the IN rules in the specified rules file.

For example:

ipf -Fi /etc/opt/ipf/ipf.conf

The -Fo command flushes only the IN rules in the specified rules file.

For example:

ipf -Fo /etc/opt/ipf/ipf.conf

Removing IPFilter Rules

If necessary, the following command can be used to remove different

rules files:

ipf -r -f

<delete_rule_file>

This command can be executed while IPFilter is running.