Operating System - HP-UX

Re: Is it possible to block a certain port? (HP-UX 11)

JI HUI
Frequent Advisor

Is it possible to block a certain port? (HP-UX 11)

Sorry for blank message.

Is it possible to block certain traffic based on port? For example, only HTTP traffic is allowed from this machine, but no FTP traffic?

I know it could be done by implementing an external firewall.

Is it possible to implement this at HP-UX itself?
Nothing is everything
Santosh Nair_1
Honored Contributor

Re: Is it possible to block a certain port? (HP-UX 11)

As far as I know, there is no way to block an outgoing port from the HP side. The alternative would be to remove the execute permissions for these programs, i.e. ftp, telnet, etc. But most smart users will quickly realize that they can copy the executable from somewhere else and make use of it from their home directory.

-Santosh
Life is what's happening while you're busy making other plans
Eugen Cocalea
Respected Contributor

Re: Is it possible to block a certain port? (HP-UX 11)

Hi,

To Santosh's solution I can add "and mount their home directories' partition with the 'no exec' option", but this is beginning to be BOFH ;)

E.
To Live Is To Learn

Re: Is it possible to block a certain port? (HP-UX 11)

Have a look at IPSEC/9000 - it's a free product on the application CDs.

Ostensibly it's for creating secure connections and doing VPN tunneling, but if you look at how the rules work, it's entirely possible to define rules that just completely block outgoing connections on certain ports...

HTH

Duncan

I am an HPE Employee
Santosh Nair_1
Honored Contributor

Re: Is it possible to block a certain port? (HP-UX 11)

Actually, I had forgotten that HP is also shipping IPFilter/9000 on the March application CD. It's an alpha version of the software, but it should do what you're looking to do. More info in the following links:

http://docs.hp.com/hpux/internet/#IPFilter/9000
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x6cfca12d6d27d5118fef0090279cd0f9,00.html

-Santosh
Life is what's happening while you're busy making other plans

Re: Is it possible to block a certain port? (HP-UX 11)

Yes, this is very much possible. Go to /etc/inetd.conf and comment out the ftp line. Get the daemon to re-read the inetd.conf file by issuing the command

inetd -c

You can do this for other services too.

Other than this, if you want to restrict access to a chosen number of hosts, you can use TCP Wrappers:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/netutils/tcp_wrappers/tcp_wrappers_7.6.tar.gz
The above applies to services started by inetd. For all other (standalone) services you can stop and disable them manually in the files (most of them) in the /sbin/init.d directory.

Hope this helps..

Manoj
Santosh Nair_1
Honored Contributor

Re: Is it possible to block a certain port? (HP-UX 11)

Manoj,

As I understand the question, the author is asking how to block outbound connections, i.e. a user telnetting out of the machine to another machine...which is very different from blocking inbound connections, i.e. a user telnetting into the machine.

-Santosh
Life is what's happening while you're busy making other plans
harry d brown jr
Honored Contributor

Re: Is it possible to block a certain port? (HP-UX 11)

You could change the execute permissions on ftp, telnet, etc...

Also, consider reading and implementing this:

http://people.hp.se/stevesk/bastion.html

live free or die
harry
Live Free or Die
Darrell Allen
Honored Contributor

Re: Is it possible to block a certain port? (HP-UX 11)

Hi,

If you are trying to block connections initiated from a remote system to your HP server, check into using /var/adm/inetd.sec (man inetd.sec) on the HP.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
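Manoj's and Darrell's replies above describe the inbound side: disabling a service in /etc/inetd.conf and restricting the rest with /var/adm/inetd.sec. The following shell function, an added example that is not from this thread or from HP, audits those two files together and flags every enabled inetd service that no inetd.sec line covers. It assumes the inetd.sec line layout `service allow|deny host...` and uses constructed sample files instead of the real system paths.

```sh
#!/bin/sh
# Constructed sample files (not real HP-UX system files); the real
# paths would be /etc/inetd.conf and /var/adm/inetd.sec.
INETD_CONF=$(mktemp)
INETD_SEC=$(mktemp)
trap 'rm -f "$INETD_CONF" "$INETD_SEC"' EXIT

cat > "$INETD_CONF" <<'EOF'
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd -l
#telnet stream tcp nowait root /usr/lbin/telnetd telnetd
login   stream tcp nowait root /usr/lbin/rlogind rlogind
shell   stream tcp nowait root /usr/lbin/remshd  remshd
EOF

cat > "$INETD_SEC" <<'EOF'
# service  allow|deny  host(s)
ftp    allow  10.3.4.*
login  deny   *
EOF

# audit_inetd <inetd.conf> <inetd.sec>
# Prints one line per enabled (uncommented) inetd service:
#   <service> <allow|deny|UNRESTRICTED> <hosts from inetd.sec, or ->
audit_inetd() {
  awk -v sec="$2" '
    BEGIN {
      # Load inetd.sec: first field is the service, second the policy,
      # the remaining fields are the host specifiers.
      while ((getline line < sec) > 0) {
        if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
        n = split(line, f)
        hosts = ""
        for (i = 3; i <= n; i++) hosts = hosts (hosts == "" ? "" : ",") f[i]
        pol[f[1]] = f[2]; who[f[1]] = hosts
      }
      close(sec)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented out or blank: disabled
    $1 == "rpc" { next }                # RPC entries use another layout; skipped
    {
      if ($1 in pol) print $1, pol[$1], who[$1]
      else           print $1, "UNRESTRICTED", "-"
    }
  ' "$1"
}

audit_inetd "$INETD_CONF" "$INETD_SEC"
```

In the sample, ftp and login are covered, telnet is commented out and therefore not reported, and shell (remshd) is reported as UNRESTRICTED because nothing in inetd.sec mentions it.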