HP-UX IPFilter Version A.03.05.12 Administrator's Guide: HP-UX 11.0, HP-UX 11i version 1, HP-UX 11i version 2 > Chapter 4 Firewall Building Concepts

Using Bidirectional Filtering Capabilities

You can use bidirectional filtering to limit packets leaving a system to those that come from a specific subnet. For example, to limit traffic passing out of the IPFilter system to packets coming from the 20.20.20.0/24 subnet, configure the following rules:

pass out quick on lan0 from 20.20.20.0/24 to any
block out quick on lan0 from any to any

If a packet originates from IP address 20.20.20.1/32, it is sent out by the first rule. If a packet originates from IP address 1.2.3.4/32, it is blocked by the second rule.

You can also configure similar rules for unroutable addresses. If a machine routes a packet through IPFilter with a destination in 192.168.0.0/16, you can drop it to save bandwidth. Use the following ruleset:

block out quick on lan0 from any to 192.168.0.0/16
block out quick on lan0 from any to 172.16.0.0/12
block out quick on lan0 from any to 10.0.0.0/8

Filtering outbound traffic in this way enhances the security of other systems, because spoofed packets cannot be sent from your site.

NOTE: The in and out directions refer to the IPFilter system only.
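
The following Python sketch is an added example, not part of the HP guide or of IPFilter itself. It models only the rule form used on this page and the first-match behavior of quick, and shows that when the two rulesets above are combined, the private-address block rules must precede the pass rule. The function names and sample packets are constructed for illustration.

```python
import ipaddress

# The two rulesets from this page, verbatim.
EGRESS = ["pass out quick on lan0 from 20.20.20.0/24 to any",
          "block out quick on lan0 from any to any"]
PRIVATE = ["block out quick on lan0 from any to 192.168.0.0/16",
           "block out quick on lan0 from any to 172.16.0.0/12",
           "block out quick on lan0 from any to 10.0.0.0/8"]

def parse_rule(line):
    """Parse 'pass|block out quick on IF from SRC to DST' (simplified model)."""
    t = line.split()
    if (len(t) != 9 or t[0] not in ("pass", "block")
            or [t[1], t[2], t[3], t[5], t[7]] != ["out", "quick", "on", "from", "to"]):
        raise ValueError("unsupported rule form: " + line)
    net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
    return {"action": t[0], "ifname": t[4],
            "src": net(t[6]), "dst": net(t[8]), "text": line}

def evaluate(ruleset, ifname, src, dst):
    """Return (action, rule text) of the first matching quick rule (outbound)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in map(parse_rule, ruleset):
        if rule["ifname"] == ifname and src in rule["src"] and dst in rule["dst"]:
            return rule["action"], rule["text"]  # quick: stop at first match
    return "no match", None  # IPFilter's default action is outside this model

if __name__ == "__main__":
    # Constructed sample packets: (interface, source, destination).
    packets = [("lan0", "20.20.20.1", "1.2.3.4"),
               ("lan0", "1.2.3.4", "20.20.20.1"),
               ("lan0", "20.20.20.1", "10.1.1.1")]
    for name, rules in [("egress only", EGRESS),
                        ("egress then private", EGRESS + PRIVATE),
                        ("private then egress", PRIVATE + EGRESS)]:
        for pkt in packets:
            print(name, pkt, "->", evaluate(rules, *pkt))
```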
© 2001-2005 Hewlett-Packard Development Company, L.P.