- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: ipf -D persistent
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2010 11:55 PM
тАО06-23-2010 11:55 PM
ipf -D persistent
I'm using IPFilter v. 16 on HP-UX 11.31.
I would like to disable IPFilter processing for the heartbeat interfaces (Oracle RAC cluster).
I know "ipf -D interface" does the trick but the change is not persistent (next reboot will clear the exception).
I was considering adding the command to /sbin/init.d/ipfboot but I would like to know before if there is another way to do it.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-24-2010 10:59 AM
тАО06-24-2010 10:59 AM
Re: ipf -D persistent
Maybe I'm not understanding what you want to do. Can you just not start it? Edit the /etc/rc.config.d/ipfconf file and make IPF_START=0 instead of =1.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-25-2010 11:00 PM
тАО06-25-2010 11:00 PM
Re: ipf -D persistent
- lan900 to the corporate network
- lan901 tp the heartbeat network.
I want IPfilter to monitor lan900 but to exempt lan901.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-28-2010 06:25 AM
тАО06-28-2010 06:25 AM
Re: ipf -D persistent
block in quick on lan0 proto udp from any to any port = netbios_ns
This "block in" command for udp packets will only be applied to lan0. If all your rules are set to work on lan901, then lan900 will be ignored. If you had the following:
block in quick proto udp from any to any port = netbios_ns
then all lans would be filtered.
Fred
Fred
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-28-2010 06:34 AM
тАО06-28-2010 06:34 AM
Re: ipf -D persistent
In fact, as a workaround, we are doing:
pass out quick on lan901
pass in quick on lan901
The matter is: this way, IPFilter does process all packets from lan901, although allowing them to pass.
However, my understanding is that "ipf -D lan901" does not process packets from lan901.