HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Dynamic Connection Allocation
DCA Rule Modifications
The following sections describe how to modify DCA rules when HP-UX
IPFilter is running.
NOTE: HP recommends configuring a redundant rule, such as pass in all, in
all DCA rules files. IPFilter does not process packets without a rule.
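A pre-load check for the recommendation in the NOTE above, as an added example that is not part of the HP guide: it confirms that a rules file contains the catch-all rule and lists the non-cumulative keep limit rules it finds. The function names, the sample rules, and the assumed rule wording (keep limit <n>, with a trailing cumulative keyword on cumulative rules) are assumptions, not taken from this page.

```shell
#!/bin/sh
# Added example: lint a DCA rules file before loading it with ipf -f.
# Assumptions: DCA rules contain "keep limit <n>", and cumulative rules end
# with the keyword "cumulative". Only the literal "pass in all" counts here.

# awk action that strips comments and normalises whitespace on each line.
NORMALIZE='{ sub(/#.*/, ""); gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "") }'

# Succeed if the file contains the redundant catch-all rule.
has_catch_all() {
    awk "$NORMALIZE"' $0 == "pass in all" { found = 1 } END { exit !found }' "$1"
}

# Print "line: rule" for every keep limit rule that is not cumulative.
list_noncumulative_limits() {
    awk "$NORMALIZE"' / keep limit [0-9]+/ && !/ cumulative( |$)/ { print NR ": " $0 }' "$1"
}

# Return 0 if the catch-all rule is present, 1 otherwise; report findings.
check_dca_rules() {
    rc=0
    if ! has_catch_all "$1"; then
        echo "$1: no catch-all rule (pass in all) found" >&2
        rc=1
    fi
    stale=$(list_noncumulative_limits "$1")
    if [ -n "$stale" ]; then
        echo "$1: non-cumulative keep limit rules (existing limit entries keep matching the old rule until they expire):"
        echo "$stale"
    fi
    return $rc
}

# Constructed sample rules file, for illustration only.
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample DCA rules
pass in quick proto tcp from any to any port = 25 keep limit 5
pass in quick proto tcp from 192.0.2.0/24 to any port = 80 keep limit 20 cumulative
pass in all
EOF
}

# Usage: sh check_dca_rules.sh <rules file>
if [ $# -gt 0 ]; then check_dca_rules "$1"; fi
```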
To modify an active rules file:
1. Run the following command:
   ipf -f <rules file>
2. Add new rules to the rules file.
DCA begins processing incoming packets with the new rules as you
add them.
CAUTION: If a non-cumulative rule already has a connection limit entry in the
limit table, DCA matches incoming packets with the same source IP
address, destination IP address, and destination port to the old rule.
This occurs even if you enter a new rule higher up the list in the
active rules file. The new rule does not take effect until the current
connection limit entry expires.

To force a new rule to take effect immediately, follow the procedures
described in “Updating keep limit Rules” on page 56. Alternatively, use
the following procedure to modify an inactive rules file and switch it
with the active rules file.
To modify an inactive rules file, then switch it with the active rules file:
1. Run the following command to add or modify rules in an inactive
rules file:
   ipf -If <rules file>