
IPFilter on HP-UX

 
pooderbill
Valued Contributor

IPFilter on HP-UX

Anyone using IPFilter?
I have a really easy filter requirement.
I have a list of ports that must be blocked except for a couple of server IP addresses.
The 130-page manual for IPFilter has lots of complex examples, but none come close to what I need.

In words: Block all access to ports 34567-34599 but allow IPaddr 12.34.56.78 to get through.

4 replies
Vinky_99
Esteemed Contributor

Re: IPFilter on HP-UX

@pooderbill 

You might achieve your filtering requirement using IPFilter on HP-UX by following these steps:

  1. Install IPFilter on your HP-UX system if it is not already installed.

  2. Create a new configuration file for IPFilter, e.g. /etc/ipf.conf, and add the following rules to it: 

    # Block all traffic on ports 34567-34599
    # (ipf has no "a-b" range form; "a >< b" matches ports strictly between a and b,
    #  so the range is widened by one on each side to cover 34567-34599 inclusive)
    block in proto tcp from any to any port 34566 >< 34600

    # Allow traffic from IP address 12.34.56.78 on any port
    # (neither rule uses "quick", so this later match overrides the block above)
    pass in proto tcp from 12.34.56.78 to any keep state

  3. Load the new IPFilter rules by running the following command:
    ipf -Fa -f /etc/ipf.conf
    This will flush the existing rules and load the new rules from the ipf.conf file.
  4. Verify that the IPFilter rules are in effect by checking the output of the following command:

    ipfstat -io

 

You should see the two rules you added in the output.

With these rules, all incoming traffic to ports 34567-34599 will be blocked, except for traffic from IP address 12.34.56.78, which will be allowed on any port.

These are my opinions so use it at your own risk.
pooderbill
Valued Contributor

Re: IPFilter on HP-UX

I didn't explain the requirement very well.

The source machine needs the filter.
So, on the source machine, I want specific ports to connect to specific IPs and refuse any other machines.
So for ports 34567 and 34577, don't allow any machine to connect except 12.34.56.78 and 23.45.67.89.

Thus a port scan aimed at the source machine will find those 2 ports always refusing connection.
But the two IP addresses can open the two ports on the source machine.

Vinky_99
Esteemed Contributor

Re: IPFilter on HP-UX

@pooderbill 

Thank you for clarifying your requirement. Follow steps #1, #3, and #4 above.

For Step #2, follow below: 


Create a new configuration file for IPFilter, e.g. /etc/ipf.conf, and add the following rules to it:

# Block all incoming traffic by default
# (with no further pass rules this also blocks every other inbound service on the host)
block in all

# Allow incoming traffic on port 34567 from IP addresses 12.34.56.78 and 23.45.67.89
# (these pass rules come after the block and no rule uses "quick", so the last match wins)
pass in proto tcp from {12.34.56.78, 23.45.67.89} to any port = 34567 keep state

# Allow incoming traffic on port 34577 from IP addresses 12.34.56.78 and 23.45.67.89
pass in proto tcp from {12.34.56.78, 23.45.67.89} to any port = 34577 keep state

You should see the three rules you added in the output.

 

With these rules, all incoming traffic to your source machine will be blocked by default. However, traffic from IP addresses 12.34.56.78 and 23.45.67.89 will be allowed to connect to ports 34567 and 34577, while all other machines will be refused connection to these ports. This will effectively prevent port scanning on these two ports, and only the two specified IP addresses will be able to connect to them.

Hope this helps! Let me know.

These are my opinions so use it at your own risk.
georgek_1
HPE Pro

Re: IPFilter on HP-UX

Hello Vinky_99

# "a >< b" in ipf matches ports strictly between a and b, so the ranges below are
# widened by one on each side to cover 34567-34599 inclusive.

1) block out quick on lan0 all head 150
pass out quick on lan0 from any to 12.34.56.78 port 34566 >< 34600 group 150

2) pass out on lan0 all head 150
pass out quick on lan0 from any to 12.34.56.78 port 34566 >< 34600 group 150
block out quick on lan0 from any to any port 34566 >< 34600 group 150

3) pass out on lan0 all head 150
pass out quick on lan0 from any to 12.34.56.78 port 34566 >< 34600 head 151 group 150
pass out quick on lan0 all group 151
block out quick on lan0 from any to any port 34566 >< 34600 group 150

4) block out on lan0 all head 150
block out quick on lan0 from any to 12.34.56.78 port 34566 >< 34600 head 151 group 150
pass out quick on lan0 all group 151
block out quick on lan0 from any to any port 34566 >< 34600 group 150

5) block out on lan0 all head 150
block out quick on lan0 from any to any port 34566 >< 34600 head 151 group 150
pass out quick on lan0 from any to 12.34.56.78 group 151

You may try one of the above and see which one works for you.

 

I work for HPE/ I am an HPE Employee (HPE Community)
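The rule sets in this thread differ mainly in where "quick" sits and whether a later rule is meant to override an earlier one. The script below is an added example, not code from the thread, from HP or from IPFilter itself: it generates an inbound rule set for the requirement pooderbill described (ports 34567 and 34577 reachable only from 12.34.56.78 and 23.45.67.89) and models IPFilter's plain matching rule (scan top to bottom, last match wins unless a matching rule carries "quick"), so you can see which orderings actually do what you want before loading anything with ipf. The interface name lan0 and the probe address 203.0.113.9 are assumptions; head/group rules like the ones in georgek_1's reply are not modelled.

```python
"""Rule-ordering check for the IPFilter rule sets discussed in this thread.

Added example, not code from the thread or from HP. Assumptions (labelled):
  - the HP-UX interface is called lan0 (typical, but hypothetical here)
  - the local ports and trusted peers are the ones pooderbill listed
  - evaluate() models plain IPFilter matching only: rules are scanned top to
    bottom, the LAST matching rule wins, unless a matching rule carries
    'quick', which ends the scan; 'head'/'group' rules are not modelled
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

LOCAL_IF = "lan0"                                 # assumption: HP-UX LAN interface name
PROTECTED_PORTS = (34567, 34577)                  # from the thread
TRUSTED_PEERS = ("12.34.56.78", "23.45.67.89")    # from the thread
PROBE_HOST = "203.0.113.9"                        # constructed: a host not on the list


@dataclass(frozen=True)
class Rule:
    action: str             # "pass" or "block"
    quick: bool             # stop scanning when this rule matches
    src: str                # "any", a host, or a CIDR prefix
    dport: Optional[int]    # None means any destination port

    def matches(self, src_ip: str, dport: int) -> bool:
        if self.src != "any" and ip_address(src_ip) not in ip_network(self.src, strict=False):
            return False
        return self.dport is None or self.dport == dport

    def text(self) -> str:
        """Render as an ipf.conf line ('port = N' is the unambiguous ipf form)."""
        quick = "quick " if self.quick else ""
        port = "" if self.dport is None else f" port = {self.dport}"
        state = " keep state" if self.action == "pass" else ""
        return f"{self.action} in {quick}on {LOCAL_IF} proto tcp from {self.src} to any{port}{state}"


def build_rules(ports=PROTECTED_PORTS, peers=TRUSTED_PEERS) -> List[Rule]:
    """Per protected port: pass-quick each trusted peer, then block-quick everyone else.

    Only the listed ports are touched, so unlike 'block in all' the host's
    other services keep whatever policy the rest of ipf.conf gives them.
    """
    rules: List[Rule] = []
    for port in ports:
        for peer in peers:
            rules.append(Rule("pass", True, f"{peer}/32", port))
        rules.append(Rule("block", True, "any", port))
    return rules


def evaluate(rules: List[Rule], src_ip: str, dport: int, default: str = "pass") -> str:
    """Return the action ipf would take for an inbound TCP SYN from src_ip to dport."""
    result = default
    for rule in rules:
        if rule.matches(src_ip, dport):
            result = rule.action
            if rule.quick:
                break
    return result


def render(rules: List[Rule]) -> str:
    """Join the rules into ipf.conf text, in evaluation order."""
    return "\n".join(rule.text() for rule in rules)


# Two orderings that look plausible but do not do what the thread asks for.
# (a) block-quick before the pass: the block ends the scan, the trusted peer never passes.
BLOCK_QUICK_FIRST = [
    Rule("block", True, "any", 34567),
    Rule("pass", False, "12.34.56.78/32", 34567),
]
# (b) no quick anywhere and the pass listed first: last match wins, so the block wins.
PASS_FIRST_NO_QUICK = [
    Rule("pass", False, "12.34.56.78/32", 34567),
    Rule("block", False, "any", 34567),
]

if __name__ == "__main__":
    print(render(build_rules()))
    for label, rules in (("recommended", build_rules()),
                         ("block quick first", BLOCK_QUICK_FIRST),
                         ("pass first, no quick", PASS_FIRST_NO_QUICK)):
        print(f"{label:>22}: trusted peer -> {evaluate(rules, '12.34.56.78', 34567)}, "
              f"other host -> {evaluate(rules, PROBE_HOST, 34567)}")
```

Running the script prints the generated ipf.conf lines followed by the verdict each ordering gives for a trusted peer and for an unlisted host. Only the "recommended" set passes the peer and blocks everyone else on the protected ports while leaving port 22 and the rest of the host alone; before loading a real file, `ipf -n -f /etc/ipf.conf` is the usual way to have ipf parse it without installing the rules.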

[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]