HP-UX IPFilter Version A.03.05.14 Administrator's Guide
Dynamic Connection Allocation
DCA Rule Modifications
Chapter 358
2. Delete the old rule.
To Add a New Subnet or IP Address Range Rule:
1. Add the new rule on the line before the old rule which the new rule is
to replace.
2. Delete the old rule.
Limit entries made by the old rule are updated when a new
connection is processed. New connections are processed with the new
rule.
To add a more specific subnet or IP address range rule, see the
following section, Integrating keep limit Rules.
Integrating keep limit Rules
The following procedure describes how to add a specific subnet or IP
address range rule before an existing general subnet or IP address range
rule.
1. Add the new subnet or IP address range rule. Be sure to re-enter the
old subnet or IP address range rule exactly as it was entered before.
When a new connection matches an existing limit entry, the new
connection will be processed by the new subnet or IP address range
rule. The subnet or IP address range can be cumulative or
non-cumulative.
Extracting an Individual Rule from a Subnet Rule
To extract an individual rule from a subnet rule:
1. Add the new rule on the line before the subnet rule. Be sure the
subnet or IP address range rule is identical to the old rule.
When a new connection matches an existing limit entry, the new
connection will be processed by the new individual rule. The subnet
or IP address range can be cumulative or non-cumulative.