HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Installing and Configuring HP-UX IPFilter
Troubleshooting HP-UX IPFilter
Chapter 118
NOTE: If you are using /etc/opt/ipf/ipf.conf as your rules file, then it
will be loaded at boot time. The IPFilter startup script
/sbin/init.d/ipfboot will:

• Load the IPFilter module.
• Start the logging daemon, ipmon.
• Load any uncommented rules present in /etc/opt/ipf/ipf.conf.

If the last effective rule amounts to “block in all,” the boot sequence
might not complete, for example, when sendmail, SNMP, and NIS
are configured on the system.

Nothing is logged.

Verify the following:

• ipf -V should show the logging file as available.
• Run ps -ef | grep ipmon to verify that ipmon is running. During bootup,
  ipmon is started. If it is not running, start it by using:

      ipmon -sD

  The -s option specifies that the log records go to
  /var/adm/syslog/syslog.log and the -D option directs ipmon to
  run as a daemon in the background.

Errors occur when loading rules.

    # ipf -f <rulefile>
    ioctl (add/insert rule); File Exists

This occurs when you try to add a rule that is already loaded. Use the
following command to load rules:

    ipf -Fa -f <rulefile>

The -Fa option will flush any previous rules present and all rules
will be reloaded.

In addition, you can use ipftest to test a set of filter rules without
having to put them in place. See the ipftest (1) manpage for more
information on this tool.
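
The following pre-load check is an added example, not part of HP-UX IPFilter or of this guide. It lists the uncommented rules that would be loaded from a rules file, flags a final "block in all" rule for review before the next boot, and reports rules that appear twice in the file (the second copy is an add of a rule that is already loaded). The function names are hypothetical and the sample rules file is constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks on an IPFilter rules file before loading it.
# Function names are hypothetical; nothing here calls ipf itself.

# Print the uncommented rules, one per line, with whitespace collapsed
# so that identical rules compare equal.
effective_rules() {
    sed -e 's/#.*$//' "$1" | awk 'NF { $1 = $1; print }'
}

# Exit 0 when the last uncommented rule is exactly "block in all".
last_rule_blocks_all() {
    [ "$(effective_rules "$1" | tail -n 1)" = "block in all" ]
}

# Print each rule that occurs more than once in the file.
duplicate_rules() {
    effective_rules "$1" | sort | uniq -d
}

# Run both checks; return 1 if either one reports something to review.
check_rules() {
    rc=0
    if last_rule_blocks_all "$1"; then
        echo "REVIEW: last rule is 'block in all'; confirm boot-time services are passed"
        rc=1
    fi
    dups=$(duplicate_rules "$1")
    if [ -n "$dups" ]; then
        echo "REVIEW: rule(s) listed more than once:"
        echo "$dups"
        rc=1
    fi
    return $rc
}

# Constructed sample rules file (illustration only, not a recommended policy).
SAMPLE=${TMPDIR:-/tmp}/ipf.conf.sample.$$
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample
pass in quick on lo0 all
pass  in quick proto tcp from any to any port = 22
pass in quick proto tcp from any to any port = 22   # repeated
#pass in quick proto udp from any to any port = 161
block in all
EOF

check_rules "$SAMPLE" || true
```

On a live system, point check_rules at /etc/opt/ipf/ipf.conf before reloading with ipf -Fa -f.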