HP-UX IPFilter Version A.03.05.12 Administrator's Guide: HP-UX 11.0, HP-UX 11i version 1,HP-UX 11i version 2 > Chapter 4 Firewall Building Concepts

Using the to Keyword to Capture Blocked Packets

The to keyword can be used independently of the from keyword. If you want to block a packet, the to keyword pushes the packet past the normal routing table and forces it out on a different interface. For example:

block in quick on lan0 to lan1 proto tcp from any to any port < 1024

This rule blocks incoming TCP packets on lan0 destined for ports below 1024, but also forces them out on the lan1 interface, where they can be logged. If you log blocked packets this way, you can then analyze the blocked traffic for possible attacks on the system.

Use block quick with to-interface routing: when to is used with pass, the to-interface code generates two packet paths through IPFilter.

NOTE: If you are configuring rules to pass packets, but also want the packets to go to another interface, use the dup-to keyword. See “dup-to: Drop-Safe Logging”.
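Once the blocked packets have been diverted to the capture interface and logged, the log still has to be analyzed. The following script is an added example, not from this guide or from HP-UX IPFilter itself: it parses ipmon-style log lines and counts blocked packets per source address that were aimed at privileged ports, matching the port < 1024 rule above. The log line layout is assumed to follow ipmon's conventional text format, and the sample lines are constructed.

```python
"""Summarize blocked packets from ipmon-style log lines.

Added example, not from the HP-UX IPFilter guide. It assumes ipmon's
conventional text format (date time iface @group:rule action src,port
-> dst,port PR proto ...), where the action field is 'b' for block and
'p' for pass. The sample lines below are constructed.
"""
import re
from collections import Counter

# Constructed sample: three blocked TCP packets to privileged ports (the
# case the "port < 1024" rule covers) plus one passed packet to ignore.
SAMPLE_LOG = """\
05/12/2005 14:23:01.123456 lan0 @0:1 b 10.1.1.5,40001 -> 192.168.1.10,23 PR tcp len 20 60 -S IN
05/12/2005 14:23:01.223456 lan0 @0:1 b 10.1.1.5,40002 -> 192.168.1.10,21 PR tcp len 20 60 -S IN
05/12/2005 14:23:02.001000 lan0 @0:1 b 10.1.1.7,51000 -> 192.168.1.10,25 PR tcp len 20 60 -S IN
05/12/2005 14:23:03.500000 lan0 @0:2 p 10.1.1.9,52000 -> 192.168.1.10,8080 PR tcp len 20 60 -S IN
"""

# Fields up to the protocol; anything after "PR <proto>" is ignored.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>[bp]) (?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+)"
)


def parse_line(line):
    """Return a dict of fields for one ipmon-style line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def blocked_by_source(log_text, max_port=1023):
    """Count blocked ('b') packets per source address whose destination
    port is <= max_port, i.e. the privileged ports the rule blocks."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "b" and rec["dport"] <= max_port:
            counts[rec["src"]] += 1
    return counts


if __name__ == "__main__":
    for src, n in blocked_by_source(SAMPLE_LOG).most_common():
        print(f"{src}: {n} blocked packets to privileged ports")
```

Point the script at the file ipmon writes for the capture interface; sources with unusually high counts are the ones worth investigating.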