HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Firewall Building Concepts
Localhost Filtering
Use localhost filtering with IPFilter to provide both security and
convenience for your users.
Localhost filtering with IPFilter can be used effectively in conjunction
with other security products, such as external firewalls and internal
software products.
The following example is a ruleset configured to run on a machine that
also uses TCP Wrapper to protect its network services.
pass in quick on lan0 all
pass out quick on lan0 all
block in log all
block out all
pass in quick proto tcp from any to any port = 113 flags S keep state
pass in quick proto tcp from any to any port = 22 flags S keep state
pass in quick proto tcp from any port = 20 to any port 39999 >< 45000 flags S keep state
pass out quick proto icmp from any to any keep state
pass out quick proto tcp/udp from any to any keep state keep frags
This IPFilter ruleset provides enhanced protection for the system and
services using TCP Wrapper. Any security holes left by TCP Wrapper are
plugged.
No negative impact results from running IPFilter all the time.
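
To check which rule decides a given packet, the ruleset above can be traced rule by rule. The following Python script is an added example, not part of the HP guide or of IPFilter: it models only the keywords this ruleset uses and applies IPFilter's evaluation order (the last matching rule wins unless a matching rule is marked quick). The interface name lan1 and the sample packets are constructed for illustration.

```python
import re
# The guide's ruleset with wrapped lines rejoined. State tracking ("keep state")
# is not modelled: this traces only which rule decides a connection's first packet.
RULES = """\
pass in quick on lan0 all
pass out quick on lan0 all
block in log all
block out all
pass in quick proto tcp from any to any port = 113 flags S keep state
pass in quick proto tcp from any to any port = 22 flags S keep state
pass in quick proto tcp from any port = 20 to any port 39999 >< 45000 flags S keep state
pass out quick proto icmp from any to any keep state
pass out quick proto tcp/udp from any to any keep state keep frags
""".splitlines()

RULE_RE = re.compile(  # covers only the keywords this ruleset uses
    r"(?P<action>pass|block) (?P<dir>in|out)(?: log)?(?P<quick> quick)?"
    r"(?: on (?P<iface>\S+))?(?: proto (?P<proto>\S+))?"
    r"(?: from any(?: port (?P<sport>= \d+|\d+ >< \d+))?"
    r" to any(?: port (?P<dport>= \d+|\d+ >< \d+))?)?"
    r"(?: all)?(?: flags (?P<flags>\S+))?")

def port_ok(spec, port):
    """spec: None (any port), '= N', or 'A >< B' (strictly between A and B)."""
    if spec is None or spec.startswith("="):
        return spec is None or port == int(spec[1:])
    lo, hi = (int(x) for x in spec.split("><"))
    return port is not None and lo < port < hi

def decide(pkt):
    """Return (action, rule number): last matching rule wins, 'quick' ends the search."""
    verdict = ("no match", 0)
    for n, rule in enumerate(RULES, 1):
        r = RULE_RE.match(rule).groupdict()
        if (r["dir"] != pkt["dir"] or r["iface"] not in (None, pkt["iface"])
                or (r["proto"] and pkt["proto"] not in r["proto"].split("/"))
                or not port_ok(r["sport"], pkt.get("sport"))
                or not port_ok(r["dport"], pkt.get("dport"))
                or (r["flags"] and pkt.get("flags") != r["flags"])):
            continue
        verdict = (r["action"], n)
        if r["quick"]:
            break
    return verdict

if __name__ == "__main__":  # constructed packets; lan1 is a hypothetical second interface
    for iface, dport in [("lan1", 22), ("lan1", 23), ("lan0", 23)]:
        pkt = dict(dir="in", iface=iface, proto="tcp", sport=51000, dport=dport, flags="S")
        print(iface, dport, decide(pkt))
```

Because rules 1 and 2 are quick and match all traffic on lan0, packets on lan0 are decided there; the block and per-port rules decide traffic on any other interface.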