HPE Community
Operating System - HP-UX
1829373 Members
1899 Online
109991 Solutions
New Discussion

Re: Ipfilter ipf.conf file

 
Erick T. Mitchell
Occasional Contributor

‎01-31-2005 07:51 AM

‎01-31-2005 07:51 AM

Ipfilter ipf.conf file

Ipfilter Experts,
Using ipfilter what's the correct syntax in the ipf.conf file to allow a range of subnets access to different ip addresses...
>>>>>>>>>>>>>>>>>>>>>>>>>>>.
pass in from 111.111.111.1 to any
pass in from 222.222.222.1 to 333.333.333.3
The goal here is to have half of the subnets entering my server to view webserver A and the other range view webserver B
0 Kudos
Reply
6 REPLIES 6
Biswajit Tripathy
Honored Contributor

‎01-31-2005 08:15 AM

‎01-31-2005 08:15 AM

Re: Ipfilter ipf.conf file

If I understand the question correctly, try these rules:

---------
pass in quick proto tcp from 111.111.111.0/24 to SERVER_A_IP port = 80 keep state
pass in quick proto tcp from 222.222.222.1-333.333.333.3 to SERVER_B_IP port = 80 keep state
block in quick proto tcp from any to any port = 80
-------------

The first rule wil allow all addresses in 111.111.111.0/24
subnet to server A and second rule will allow all addresses
in range 222.222.222.1 to 333.333.333.3 to server B.
Every other source IP will be blocked.

- Biswajit
:-)
0 Kudos
Reply
Biswajit Tripathy
Honored Contributor

‎01-31-2005 09:09 AM

‎01-31-2005 09:09 AM

Re: Ipfilter ipf.conf file

Erick,

it would be nice to know if that solution worked or not.
If not what was wrong or did I misunderstand the
question completely.

- Biswajit
:-)
0 Kudos
Reply
Erick T. Mitchell
Occasional Contributor

‎01-31-2005 09:23 AM

‎01-31-2005 09:23 AM

Re: Ipfilter ipf.conf file

Sure Biswajit,
I will be testing this during my maintenace window tonight and I will update you.
Erick
0 Kudos
Reply
TwoProc
Honored Contributor

‎01-31-2005 11:16 AM

‎01-31-2005 11:16 AM

Re: Ipfilter ipf.conf file

A side-note - Erick, is this a distribution of IPfilter for HPUX?
We are the people our parents warned us about --Jimmy Buffett
0 Kudos
Reply
Biswajit Tripathy
Honored Contributor

‎01-31-2005 11:39 AM

‎01-31-2005 11:39 AM

Re: Ipfilter ipf.conf file

John:
> A side-note - Erick, is this a distribution of IPfilter for HPUX?

I would guess so. The IP range solution (with a '-'
between two IP addresses) is supported only in HP's
IPFilter and not supported in the public domain
version.

- Biswajit
:-)
0 Kudos
Reply
TwoProc
Honored Contributor

‎02-01-2005 12:38 AM

‎02-01-2005 12:38 AM

Re: Ipfilter ipf.conf file

Biswalt - I was losing a little bit - I've been interested in getting IP tables working - and had been looking to see if it was ported/working on HPUX. When I saw your post re: IPfilter , I got the names confused and was hoping I had finally found someone who was implementing IPtables...
We are the people our parents warned us about --Jimmy Buffett
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.