Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX IPFilter Version A.03.05.12 Administrator's Guide: HP-UX 11.0, HP-UX 11i version 1,HP-UX 11i version 2 > Chapter 4 Firewall Building Concepts

Creating a Complete Filter by Interface
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

When you create a ruleset, you should set up rules for all directions and all interfaces. The default state of IPFilter is to pass packets both in and out. Instead of relying on the IPFilter default behavior, make every ruleset as specific as possible, interface by interface, until all possibilities are explicitly covered.

For example, if you have an IPFilter system with a lan1 interface, and a lan0 interface, configure the following rules:

pass out quick on lan1 
pass in quick on lan1
block out quick on lan0 from any to 192.168.0.0/16 
block out quick on lan0 from any to 172.16.0.0/12 
block out quick on lan0 from any to 10.0.0.0/8 
pass  out quick on lan0 from 20.20.20.0/24 to any 
block out quick on lan0 from any to any
block in quick on lan0 from 192.168.0.0/16 to any 
block in quick on lan0 from 172.16.0.0/12 to any 
block in quick on lan0 from 10.0.0.0/8 to any 
block in quick on lan0 from 127.0.0.0/8 to any 
block in log quick on lan0 from 20.20.20.0/24 to any 
pass in all

In this example, no restrictions are on traffic in and out on lan1. Traffic has significant restrictions both in and out of lan0.

NOTE: When setting up your ruleset, be sure that you add rules for all appropriate directions and interfaces.


Using the to Keyword to Capture Blocked Packets
  		 


Combining IP Address and Network Interface Filtering  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2001-2005 Hewlett-Packard Development Company, L.P.