topic Re: What is a iptables in hp ux in Operating System - HP-UX

What is a iptables in hp ux

aamir4u — Tue, 27 Dec 2011 07:04:26 GMT

Hello,

What is a iptables in hp ux or how to cheak firewall setting

and ip tables rules.

Please give me examples and commands to works.

Re: What is a iptables in hp ux

basant — Thu, 29 Dec 2011 08:22:15 GMT

IPTABLES are not used in hpux , iptables used only in linux.

Using Ipfilter to block connections from an external machine to our HPUX box

Wed, 08/12/2009 - 15:04 — liquid

Hi,

This is a quick introduction to Ipfilter on HP-UX:

First we have to start the daemons and load the DLKM module

in the file /etc/rc.config.d/ipfconf

we set the IPF_START to 1

IPF_START=1

Then we load the kernel module

# /sbin/init.d/ipfboot start
Set 0 now inactive
Set 0 now inactive
0 entries flushed from NAT table
0 entries flushed from NAT list

we can check the kernel module is loaded:

# kcmodule| grep ipf
ipf loaded explicit auto-loadable, unloadable

then we check ipf is working ok:

# ipf -V
ipf: HP IP Filter: v3.5alpha5 (A.11.23.15.01) (376)
Kernel: HP IP Filter: v3.5alpha5 (A.11.23.15.01)
Running: yes <---- OK
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1

know we can write the firewall rules to our config file:

# vi /etc/opt/ipf/ipf.conf

we are going to use a very easy example, we we block any incoming conections from the server 0189 to our HP-UX box

block in quick on lan0 from 0189 to any
pass in from any to any

using the quick keyword makes the package that matches that rule will be applied inmediatly, no going trough anymore rules.

We load the new config:

#ipf -Fa -f /etc/opt/ipf/ipf.conf

Check if our rules are active:

# ipfstat -io
empty list for ipfilter(out)
block in quick on lan0 from 1.7.2.3/23 to any
pass in from any to any

Now i can't ssh,ping,etc the HPUX_BOX from my pc desktop:

P:\>ping HPUX_BOX

Haciendo ping a HPUX_BOX [1.7.2.23] con 32 bytes de datos:

Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.

EstadÃsticas de ping para 1.7.2.23 :
Paquetes: enviados = 4, recibidos = 0, perdidos = 4
(100% perdidos),

We can check out the stats and see how the blocked counter increases:

[root@vmfcont:~]# ipfstat | grep -i blocked
input packets: blocked 7 passed 13677 nomatch 1 counted 0 short 0
output packets: blocked 0 passed 570 nomatch 268 counted 0 short 0

If we wan't to flush the rules and delete them from the active ipf:

# ipf -Fa
# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)

For more info:

http://www.docs.hp.com/en/B9901-90029/index.html

Re: What is a iptables in hp ux

basant — Tue, 03 Jan 2012 13:50:19 GMT

Hi make entry of ip address in /etc/host.allow & /etc/host.deny or Use ip filter to block a particular ip in HPUX. if not installed download & install to your hpux server . To configure IPFilter to pass or block packets based on their source IP address, use the from ip_address keyword. For example: block in quick from 192.168.0.0 to any for details refer this link http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02033615/c02033615.pdf Basant Sharma

Re: What is a iptables in hp ux

Dirk Verweij — Thu, 02 Feb 2017 10:24:59 GMT

too bad the deeplink to docs.hp.com has not been modified

(KasperH for Dirk)

Re: What is a iptables in hp ux

Torsten. — Thu, 02 Feb 2017 11:41:58 GMT

The old docs.hp.com link points to B9901-90029 - HP-UX IPFilter A.03.05.12 Administrator's Guide (B9901-90029).

Google found it:

http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=4145774&docId=emr_na-c02033614&docLocale=en_US

and even some much newer versions:

https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA