Re: ipf.conf

Jason_309 · ‎04-11-2005

I have never made a new entry in the ipf.conf file. I was wondering if i could get some help. I need to open port 1527 for TNS 9008 for Oracle forms and 8007 for http. Please advice.

Steven E. Protter · ‎04-11-2005

http://www2.itrc.hp.com/service/james/dispDoc.do?docURL=http%3A%2F%2Fsearch.hp.com%2Fredirect.html%3Furl%3Dhttp%253A%2F%2Fforums1.itrc.hp.com%2Fservice%2Fforums%2Fquestionanswer.do%253FthreadId%253D536229%26qt%3D%252Bipfilter%2B%252Bconfiguration%2B%26hit%3D3&aid=SEARCH_FORUMS&pil=3&serStr=ipfilter+configuration&pir=3

http://www2.itrc.hp.com/service/james/dispDoc.do?docURL=http%3A%2F%2Fsearch.hp.com%2Fredirect.html%3Furl%3Dhttp%253A%2F%2Fforums1.itrc.hp.com%2Fservice%2Fforums%2Fquestionanswer.do%253FthreadId%253D68830%26qt%3D%252Bipfilter%2B%252Bconfiguration%2B%26hit%3D2&aid=SEARCH_FORUMS&pil=2&serStr=ipfilter+configuration&pir=2

This thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=686053
Authored by me contains an attachement and some discussion on how to work the ipfilter firewall.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Biswajit Tripathy · ‎04-11-2005

Jason,

Add the following rules to the top of your ipf.conf
file.
----
pass in quick proto tcp from any to any port = 1527 flags S keep state
pass in quick proto tcp from any to any port = 8007 flags S keep state
----

You could replace the "from any" part in both the
above rules if you know exactly which machine or
set of machines or IP address range or network
you are expecting the connections. You could
control the number of connections to these ports
if you want.

Note that, once you add the above rules to ipf.conf
file, you will have to reload the rules.

# /sbin/ipf -Fa -f ipf.conf

- Biswajit

:-)

Robert Bennett_3 · ‎04-11-2005

Here's a nice how-to

http://www.obfuscation.org/ipf/ipf-howto.html

"All there is to thinking is seeing something noticeable which makes you see something you weren't noticing which makes you see something that isn't even visible." - Norman Maclean

Biswajit Tripathy · ‎04-11-2005

Robert Bennette wrote:
> Here's a nice how-to
> http://www.obfuscation.org/ipf/ipf-howto.html

That how-to is for public domain version. While this doc
is perfect for most of the configurations, you should
be looking at the following doc if you are using IPFilter
packaged with HP-UX. HP IPFilter has a major
feature called Dynamic Connection Allocation (DCA)
(section 3 of following doc).

http://www.docs.hp.com/en/B9901-90021/index.html

- Biswajit

:-)

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: ipf.conf

ipf.conf

Re: ipf.conf

Re: ipf.conf

Re: ipf.conf

Re: ipf.conf