https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-not-filtering-after-first-start/m-p/7202473#M948710 <P>I'm trying to get an 11.31 system going with IPFilter but even though the system says it's up and working, it's not filtering anything.</P><P>I set up 2 other systems and one was fine with starting the first time with no reboot, but the other one required a reboot to start the first time.</P><P>#&gt;&nbsp;ipf -V<BR />ipf: HP IP Filter: v3.5alpha5 (A.11.31.15.01) (376)<BR />Kernel: HP IP Filter: v3.5alpha5 (A.11.31.15.01)<BR />Running: yes<BR />Log Flags: 0 = none set<BR />Default: pass all, Logging: available<BR />Active list: 0</P><P>#&gt; kcmodule| grep ipf<BR />ipf loaded explicit auto-loadable, unloadable</P><P>#&gt; ipfstat<BR />dropped packets: in 0 out 0<BR />non-data packets: in 0 out 0<BR />no-data packets: in 0 out 0<BR />non-ip packets: in 0 out 0<BR />bad packets: in 0 out 0<BR />copied messages: in 0 out 0<BR />IPv6 packets: in 0 out 0<BR />input packets: blocked 0 passed 0 nomatch 0 counted 0 short 0<BR />output packets: blocked 0 passed 0 nomatch 0 counted 0 short 0<BR />input packets logged: blocked 0 passed 0<BR />output packets logged: blocked 0 passed 0<BR />packets logged: input 0 output 0<BR />log failures: input 0 output 0<BR />fragment state(in): kept 0 lost 0<BR />fragment state(out): kept 0 lost 0<BR />packet state(in): kept 0 lost 0<BR />packet state(out): kept 0 lost 0<BR />TCP connections: in 0 out 0<BR />ICMP replies: 0 TCP RSTs sent: 0<BR />Invalid source(in): 0<BR />Result cache hits(in): 0 (out): 0<BR />IN Pullups succeeded: 0 failed: 0<BR />OUT Pullups succeeded: 0 failed: 0<BR />Fastroute successes: 0 failures: 0<BR />TCP cksum fails(in): 0 (out): 0<BR />Packet log flags set: (0)<BR />none</P><P>#&gt; ipfstat -io<BR />empty list for ipfilter(out)<BR />pass in quick on lan0 from 192.168.160.37/32 to any<BR />pass in quick on lan3 from 192.168.160.37/32 to any<BR />pass in quick on lan0 from 192.168.160.59/32 to any<BR />pass in quick on lan3 from 192.168.160.59/32 to any<BR />pass in quick on lan0 from 192.168.2.70/32 to any<BR />pass in quick on lan3 from 192.168.2.70/32 to any<BR />pass in quick on lan0 from 192.168.2.81/32 to any<BR />pass in quick on lan3 from 192.168.2.81/32 to any<BR />pass in quick on lan0 from 192.168.2.140/32 to any<BR />pass in quick on lan3 from 192.168.2.140/32 to any<BR />pass in quick on lan0 from 192.168.160.228/32 to any<BR />pass in quick on lan3 from 192.168.160.228/32 to any<BR />pass in quick on lan0 from 192.168.160.98/32 to any<BR />pass in quick on lan0 from 192.168.160.22/32 to any<BR />pass in quick on lan3 from 192.168.160.98/32 to any<BR />pass in quick on lan3 from 192.168.160.22/32 to any<BR />pass in quick on lan0 proto tcp from any to 192.168.160.0/24 port = 1099<BR />pass in quick on lan3 proto tcp from any to 192.168.160.0/24 port = 1099<BR />pass in quick on lan0 proto tcp from any to 192.168.160.0/24 port = 22<BR />pass in quick on lan3 proto tcp from any to 192.168.160.0/24 port = 22<BR />pass in quick on lan0 proto tcp from any to 192.168.160.0/24 port &gt; 49151<BR />pass in quick on lan3 proto tcp from any to 192.168.160.0/24 port &gt; 49151<BR />block in log from any to any</P><P>Is there a way to prod IPFilter into actually filtering without requiring a reboot? (the system hasn't been rebooted in a very long time and the last one that we rebooted after an extended time had several CLI changes made that weren't in boot files)</P><P>&nbsp;</P> Tue, 19 Dec 2023 09:32:21 GMT GregMBC 2023-12-19T09:32:21Z https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-not-filtering-after-first-start/m-p/7202473#M948710 <P>I'm trying to get an 11.31 system going with IPFilter but even though the system says it's up and working, it's not filtering anything.</P><P>I set up 2 other systems and one was fine with starting the first time with no reboot, but the other one required a reboot to start the first time.</P><P>#&gt;&nbsp;ipf -V<BR />ipf: HP IP Filter: v3.5alpha5 (A.11.31.15.01) (376)<BR />Kernel: HP IP Filter: v3.5alpha5 (A.11.31.15.01)<BR />Running: yes<BR />Log Flags: 0 = none set<BR />Default: pass all, Logging: available<BR />Active list: 0</P><P>#&gt; kcmodule| grep ipf<BR />ipf loaded explicit auto-loadable, unloadable</P><P>#&gt; ipfstat<BR />dropped packets: in 0 out 0<BR />non-data packets: in 0 out 0<BR />no-data packets: in 0 out 0<BR />non-ip packets: in 0 out 0<BR />bad packets: in 0 out 0<BR />copied messages: in 0 out 0<BR />IPv6 packets: in 0 out 0<BR />input packets: blocked 0 passed 0 nomatch 0 counted 0 short 0<BR />output packets: blocked 0 passed 0 nomatch 0 counted 0 short 0<BR />input packets logged: blocked 0 passed 0<BR />output packets logged: blocked 0 passed 0<BR />packets logged: input 0 output 0<BR />log failures: input 0 output 0<BR />fragment state(in): kept 0 lost 0<BR />fragment state(out): kept 0 lost 0<BR />packet state(in): kept 0 lost 0<BR />packet state(out): kept 0 lost 0<BR />TCP connections: in 0 out 0<BR />ICMP replies: 0 TCP RSTs sent: 0<BR />Invalid source(in): 0<BR />Result cache hits(in): 0 (out): 0<BR />IN Pullups succeeded: 0 failed: 0<BR />OUT Pullups succeeded: 0 failed: 0<BR />Fastroute successes: 0 failures: 0<BR />TCP cksum fails(in): 0 (out): 0<BR />Packet log flags set: (0)<BR />none</P><P>#&gt; ipfstat -io<BR />empty list for ipfilter(out)<BR />pass in quick on lan0 from 192.168.160.37/32 to any<BR />pass in quick on lan3 from 192.168.160.37/32 to any<BR />pass in quick on lan0 from 192.168.160.59/32 to any<BR />pass in quick on lan3 from 192.168.160.59/32 to any<BR />pass in quick on lan0 from 192.168.2.70/32 to any<BR />pass in quick on lan3 from 192.168.2.70/32 to any<BR />pass in quick on lan0 from 192.168.2.81/32 to any<BR />pass in quick on lan3 from 192.168.2.81/32 to any<BR />pass in quick on lan0 from 192.168.2.140/32 to any<BR />pass in quick on lan3 from 192.168.2.140/32 to any<BR />pass in quick on lan0 from 192.168.160.228/32 to any<BR />pass in quick on lan3 from 192.168.160.228/32 to any<BR />pass in quick on lan0 from 192.168.160.98/32 to any<BR />pass in quick on lan0 from 192.168.160.22/32 to any<BR />pass in quick on lan3 from 192.168.160.98/32 to any<BR />pass in quick on lan3 from 192.168.160.22/32 to any<BR />pass in quick on lan0 proto tcp from any to 192.168.160.0/24 port = 1099<BR />pass in quick on lan3 proto tcp from any to 192.168.160.0/24 port = 1099<BR />pass in quick on lan0 proto tcp from any to 192.168.160.0/24 port = 22<BR />pass in quick on lan3 proto tcp from any to 192.168.160.0/24 port = 22<BR />pass in quick on lan0 proto tcp from any to 192.168.160.0/24 port &gt; 49151<BR />pass in quick on lan3 proto tcp from any to 192.168.160.0/24 port &gt; 49151<BR />block in log from any to any</P><P>Is there a way to prod IPFilter into actually filtering without requiring a reboot? (the system hasn't been rebooted in a very long time and the last one that we rebooted after an extended time had several CLI changes made that weren't in boot files)</P><P>&nbsp;</P> Tue, 19 Dec 2023 09:32:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-not-filtering-after-first-start/m-p/7202473#M948710 GregMBC 2023-12-19T09:32:21Z https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-not-filtering-after-first-start/m-p/7202916#M948711 <P dir="auto" style="margin: 0;">Hello GregMBC</P> <P dir="auto" style="margin: 0;">You may try disable and enable ipfilter and see if that helps you .<BR />/opt/ipf/bin/ipfilter -d<BR />/opt/ipf/bin/ipfilter -e</P> <P dir="auto" style="margin: 0;">Also noticed "Active list: 0", seems the rules are not applied till .<BR />#&gt; ipf -V<BR />ipf: HP IP Filter: v3.5alpha5 (A.11.31.15.01) (376)<BR />Kernel: HP IP Filter: v3.5alpha5 (A.11.31.15.01)<BR />Running: yes<BR />Log Flags: 0 = none set<BR />Default: pass all, Logging: available<BR />Active list: 0 &nbsp;===&gt;</P> <P dir="auto" style="margin: 0;">You may refer the Admin guide (URL given below) and see how to load the filter rules .<BR />Refer Section Configuring and loading IPv4 filter rules for more information .<BR /><A href="https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&amp;docId=emr_na-c04083959" target="_blank">https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&amp;docId=emr_na-c04083959</A></P> <P dir="auto" style="margin: 0;">I work for HPE/ I am an HPE Employee (HPE Community)</P> Fri, 15 Dec 2023 16:06:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-not-filtering-after-first-start/m-p/7202916#M948711 georgek_1 2023-12-15T16:06:14Z https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-not-filtering-after-first-start/m-p/7203033#M948714 <P>---</P><P>You may try disable and enable ipfilter and see if that helps you .<BR />/opt/ipf/bin/ipfilter -d<BR />/opt/ipf/bin/ipfilter -e</P><P>---</P><P>This did it, the system started logging and filters with a stop/start of the filter system itself.</P><P>Thanks!</P><P>&nbsp;</P> Mon, 18 Dec 2023 13:38:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-not-filtering-after-first-start/m-p/7203033#M948714 GregMBC 2023-12-18T13:38:26Z https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-not-filtering-after-first-start/m-p/7203094#M948719 <P>Hello&nbsp;<a href="https://community.hpe.com/t5/user/viewprofilepage/user-id/2223333">@GregMBC</a>,</P> <P>Perfect!&nbsp;</P> <P>We are extremely glad to know the problem has been resolved and we appreciate you for keeping us posted.&nbsp;</P> Tue, 19 Dec 2023 05:31:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/ipfilter-not-filtering-after-first-start/m-p/7203094#M948719 Sunitha_Mod 2023-12-19T05:31:04Z