System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Server became unreachable when try to enable IP-filter

 
masthan_1
Advisor

Server became unreachable when try to enable IP-filter

Dear experts,

 

I have a hpux server (npar) of hpux 11.31 version in superdome2 blade arch. I tried to enable ip-filter by the command

/opt/ipf/bin/ipfilter -e

the ip-filter version is 

root@h22-2-1: / # swlist -l product | grep -i ipfilter
IPF-HP A.11.31.17.05 HP IPFilter 3.5alpha5
PFIL-HP A.11.31.17.05 HP IPFilter PFIL Interface
root@h22-2-1: / #

 

Kindly confirm is this a known issue or i have done it mistakenly. Before i checked the following and there were no entries in /etc/opt/ipf/ipf.conf as below.

root@h22-2-1: / # cat /etc/opt/ipf/ipf.conf
root@h22-2-1: / #

and also in /etc/rc.config.d/ipfconf file, the ipfilter is not starting default, autostart is "0" only.

seeking your expert help on this.

 

root@h22-2-1: / # uname -a
HP-UX h22-2-1 B.11.31 U ia64 3670021224 unlimited-user license
root@h22-2-1: / #

 

regards,

Masthan

2 REPLIES
rariasn
Honored Contributor

Re: Server became unreachable when try to enable IP-filter

Hi:

 

 

 WARNING
HP recommends that you enable or disable IPFilter when interrupting   network connectivity is not disruptive.  HP recommends that you do not  enable or disable HP-UX IPFilter when critical network applications   are running.  Enabling or disabling IPFilter briefly brings down all  IP interfaces on the system, then brings up only the IP interfaces  configured in the /etc/rc.config.d/netconf and   /etc/rc.config.d/netconf-ipv6 files. IP addresses not configured in    the netconf or netconf-ipv6 file, such as Serviceguard relocatable IP   addresses, are not re-enabled.

 

man ipfiltere

 

rgs.

masthan_1
Advisor

Re: Server became unreachable when try to enable IP-filter

Thanks for your reply.

One more thing we have configured APA (auto port aggregation) as well. Hence in netconf file we have only entries for those lancards which are grouped to create lan900...lan901...when we enable ip filter using 

# /opt/ipf/bin/ipfilter -e, as you said it refers to netconf file..is it possible to put an entry for lan900 in netconf file?...in this case, how can i configure ip-filter, any idean why the server went un-reachable..

thanks for sending the reply again..

 

i will assing points soon :)

 

regards,

Masthan