HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Rules and Keywords
IPFilter Keywords
Chapter 2 29
You can combine specific from ip_address and to ip_address keywords to restrict traffic based on both source and destination IP addresses.
You can also filter traffic using both IP addresses and network interface names. For example, suppose you want to accept traffic arriving on lan0, but not traffic from 192.168.0.0/16. Configure the following rules:
block in quick on lan0 from 192.168.0.0/16 to any
pass in all
With this ruleset, the on lan0 keyword means that a packet from 192.168.0.0/16 is blocked only if it comes in on the lan0 interface. If a packet from 192.168.0.0/16 comes in on any other interface, it passes.
log: Tracking Packets on a System
You can use the logging capability of IPFilter to track incoming and outgoing packets. Logging lets you determine if your IPFilter system is being attacked, and gives you some information about attacks.
While it is unnecessary to log every passed packet and, in some cases, every blocked packet, you can choose to log specific blocked or passed packets. For example, if you want to log blocked packets from a specific address range, such as 20.20.20.0/24, use the following rule:
block in log quick on lan0 from 20.20.20.0/24 to any
You can use the log keyword with any IPFilter rule. HP recommends deciding which rules are the most important or the most likely to block attacks on your system and logging only those rules.
NOTE The log keyword can be used with several advanced options to control and enhance logging functionality and performance. See “Logging Techniques” on page 70 for more information.
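The following Python script is an added example, not part of the HP-UX IPFilter guide and not HP's code. It is a small simulator for the rule forms shown in this section (from/to address restriction, the on interface keyword, quick, and log): it parses the two rulesets above and evaluates constructed sample packets against them, so you can see which interface-plus-address combinations are blocked, which pass, and which would be logged. The evaluation model is an assumption stated in the code: rules are checked in order, the last matching rule wins unless a matching rule carries quick, and a packet that matches no rule passes. The rule and packet names, and the sample addresses other than those on the page, are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = Optional[ipaddress.IPv4Network]  # None means "any"


@dataclass
class Rule:
    action: str            # "block" or "pass"
    direction: str         # "in" or "out"
    log: bool              # "log" keyword present
    quick: bool            # "quick" keyword present: stop evaluation on match
    iface: Optional[str]   # interface from "on <iface>", or None for any
    src: Net               # "from" network, None for any
    dst: Net               # "to" network, None for any


@dataclass
class Packet:
    direction: str
    iface: str
    src: str
    dst: str


def parse_addr(tok: str) -> Net:
    """'any' matches everything; anything else is a host or CIDR network."""
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse the subset of IPFilter syntax used in this section:
    <block|pass> <in|out> [log] [quick] [on IFACE] (all | from SRC to DST)."""
    tokens = line.split()
    action, direction = tokens[0], tokens[1]
    if action not in ("block", "pass") or direction not in ("in", "out"):
        raise ValueError(f"unsupported rule: {line!r}")
    log = quick = False
    iface: Optional[str] = None
    src: Net = None
    dst: Net = None
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "log":
            log = True
        elif tok == "quick":
            quick = True
        elif tok == "on":
            i += 1
            iface = tokens[i]
        elif tok == "all":
            pass  # equivalent to "from any to any"
        elif tok == "from":
            i += 1
            src = parse_addr(tokens[i])
        elif tok == "to":
            i += 1
            dst = parse_addr(tokens[i])
        else:
            raise ValueError(f"unsupported keyword {tok!r} in {line!r}")
        i += 1
    return Rule(action, direction, log, quick, iface, src, dst)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != pkt.direction:
        return False
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, bool]:
    """Return (verdict, logged). Assumed model: last match wins unless a
    matching rule says quick; a packet matching no rule passes unlogged."""
    decision: Optional[Rule] = None
    for rule in rules:
        if matches(rule, pkt):
            decision = rule
            if rule.quick:
                break
    if decision is None:
        return ("pass", False)
    return (decision.action, decision.log)


# The two rulesets from this section of the guide.
RULESET_INTERFACE = [parse_rule(r) for r in (
    "block in quick on lan0 from 192.168.0.0/16 to any",
    "pass in all",
)]
RULESET_LOG = [parse_rule(r) for r in (
    "block in log quick on lan0 from 20.20.20.0/24 to any",
    "pass in all",
)]

if __name__ == "__main__":
    # Constructed sample packets (destination 10.1.1.1 is a stand-in for the host).
    for iface, src in (("lan0", "192.168.5.5"), ("lan1", "192.168.5.5"), ("lan0", "10.9.9.9")):
        print(iface, src, evaluate(RULESET_INTERFACE, Packet("in", iface, src, "10.1.1.1")))
    print("lan0 20.20.20.7", evaluate(RULESET_LOG, Packet("in", "lan0", "20.20.20.7", "10.1.1.1")))
```

The first ruleset shows the interface interaction described above: the 192.168.0.0/16 packet is blocked when it arrives on lan0 but passes when it arrives on lan1, because the on lan0 keyword scopes the block rule to that interface. The second ruleset shows that only packets decided by the log rule are reported, which is the selective logging HP recommends rather than logging every blocked packet.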