
What is a iptables in hp ux

 
aamir4u
Regular Advisor


Hello,

What is iptables in HP-UX, or how do I check the firewall settings and iptables rules?

Please give me examples and commands that work.

Thanks
aamir uddin
basant
Frequent Advisor

Re: What is a iptables in hp ux

iptables is not used in HP-UX; iptables is used only in Linux.

 

Using Ipfilter to block connections from an external machine to our HPUX box

Hi,

This is a quick introduction to Ipfilter on HP-UX:

First we have to start the daemons and load the DLKM module.

In the file /etc/rc.config.d/ipfconf we set IPF_START to 1:

IPF_START=1

Then we load the kernel module

# /sbin/init.d/ipfboot start
Set 0 now inactive
Set 0 now inactive
0 entries flushed from NAT table
0 entries flushed from NAT list

We can check that the kernel module is loaded:

# kcmodule| grep ipf
ipf loaded explicit auto-loadable, unloadable

Then we check that ipf is working OK:

# ipf -V
ipf: HP IP Filter: v3.5alpha5 (A.11.23.15.01) (376)
Kernel: HP IP Filter: v3.5alpha5 (A.11.23.15.01)
Running: yes <---- OK
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1

Now we can write the firewall rules to our config file:

# vi /etc/opt/ipf/ipf.conf

We are going to use a very easy example: we will block any incoming connections from the server 0189 to our HP-UX box.

block in quick on lan0 from 0189 to any
pass in from any to any

Using the quick keyword means that a packet matching that rule has the rule applied immediately, without going through any more rules.

We load the new config:

# ipf -Fa -f /etc/opt/ipf/ipf.conf

Check if our rules are active:

# ipfstat -io
empty list for ipfilter(out)
block in quick on lan0 from 1.7.2.3/23 to any
pass in from any to any

Now I can't ssh, ping, etc. the HPUX_BOX from my desktop PC:

P:\>ping HPUX_BOX

Haciendo ping a HPUX_BOX [1.7.2.23] con 32 bytes de datos:

Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.

Estadísticas de ping para 1.7.2.23 :
Paquetes: enviados = 4, recibidos = 0, perdidos = 4
(100% perdidos),

We can check out the stats and see how the blocked counter increases:

[root@vmfcont:~]# ipfstat | grep -i blocked
input packets: blocked 7 passed 13677 nomatch 1 counted 0 short 0
output packets: blocked 0 passed 570 nomatch 268 counted 0 short 0

If we want to flush the rules and delete them from the active ipf:

# ipf -Fa
# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)

For more info:

http://www.docs.hp.com/en/B9901-90029/index.html

Basant Sharma
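
Added example, not part of the original post and not HP or IPFilter code: a small Python model of the rule evaluation the walkthrough above depends on, showing why the block rule needs quick when it is followed by "pass in from any to any" (IPFilter applies the last matching rule unless a matching rule carries quick). The address 192.0.2.10, the function names and the reduced rule grammar (IPv4, "ACTION in [quick] [on IF] from SRC to any") are assumptions made for the illustration.

```python
import ipaddress

# Constructed rule sets (not from the post); 192.0.2.10 is a documentation address.
WITH_QUICK = """block in quick on lan0 from 192.0.2.10 to any
pass in from any to any"""
WITHOUT_QUICK = WITH_QUICK.replace(" quick", "")

def parse_rules(text):
    """Parse the subset 'ACTION in [quick] [on IF] from SRC to any'."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        src = tok[tok.index("from") + 1]
        rules.append({
            "text": line.strip(),
            "action": tok[0],
            "quick": "quick" in tok,
            "iface": tok[tok.index("on") + 1] if "on" in tok else None,
            "src": None if src == "any" else ipaddress.ip_network(src, strict=False),
        })
    return rules

def matches(rule, src_ip, iface):
    return rule["iface"] in (None, iface) and (
        rule["src"] is None or ipaddress.ip_address(src_ip) in rule["src"])

def decide(rules, src_ip, iface="lan0", default="pass"):
    """Last matching rule wins, unless a matching rule has 'quick' (stop there)."""
    verdict = (default, "default policy")  # 'Default: pass all' as in the ipf -V output
    for rule in rules:
        if matches(rule, src_ip, iface):
            verdict = (rule["action"], rule["text"])
            if rule["quick"]:
                break
    return verdict

def overrides(later, blk):
    """True if a later pass rule matches every packet the block rule matches."""
    wider = later["src"] is None or (
        blk["src"] is not None and blk["src"].subnet_of(later["src"]))
    return later["action"] == "pass" and wider and later["iface"] in (None, blk["iface"])

def overridden_blocks(rules):
    """Non-quick block rules that a later, broader pass rule silently overrides."""
    return [blk["text"] for i, blk in enumerate(rules)
            if blk["action"] == "block" and not blk["quick"]
            and any(overrides(later, blk) for later in rules[i + 1:])]
```

Running overridden_blocks() over a rule file before loading it with ipf -Fa -f flags block rules that would never take effect.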
basant
Frequent Advisor

Re: What is a iptables in hp ux

Hi,

Make an entry for the IP address in /etc/host.allow and /etc/host.deny, or use IPFilter to block a particular IP in HP-UX. If it is not installed, download and install it on your HP-UX server.

To configure IPFilter to pass or block packets based on their source IP address, use the from ip_address keyword. For example:

block in quick from 192.168.0.0 to any

For details, refer to this link:

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02033615/c02033615.pdf

Basant Sharma
Dirk Verweij
Occasional Advisor

Re: What is a iptables in hp ux

Too bad the deep link to docs.hp.com has not been modified.

(KasperH for Dirk)

Torsten.
Acclaimed Contributor

Re: What is a iptables in hp ux

The old docs.hp.com link points to B9901-90029 - HP-UX IPFilter A.03.05.12 Administrator's Guide (B9901-90029).

Google found it:

http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=4145774&docId=emr_na-c02033614&docLocale=en_US

and even some much newer versions:

https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!
