What is a iptables in hp ux (4842 Views)
Regular Advisor
aamir4u
Posts: 165
Registered: ‎10-20-2011
Message 1 of 3 (4,842 Views)

What is a iptables in hp ux

Hello,

 

What is iptables in HP-UX, or how do I check the firewall settings and iptables rules?

Please give me examples and commands that work.

 

 

Thanks
aamir uddin
Frequent Advisor
basant
Posts: 52
Registered: ‎08-04-2011
Message 2 of 3 (4,834 Views)

Re: What is a iptables in hp ux


iptables is not used in HP-UX; iptables is used only in Linux.

 

Using Ipfilter to block connections from an external machine to our HPUX box

Hi,

This is a quick introduction to Ipfilter on HP-UX:

First we have to start the daemons and load the DLKM module.

In the file /etc/rc.config.d/ipfconf we set IPF_START to 1:

IPF_START=1

Then we load the kernel module:

# /sbin/init.d/ipfboot start
Set 0 now inactive
Set 0 now inactive
0 entries flushed from NAT table
0 entries flushed from NAT list

We can check that the kernel module is loaded:

# kcmodule | grep ipf
ipf loaded explicit auto-loadable, unloadable

Then we check that ipf is working OK:

# ipf -V
ipf: HP IP Filter: v3.5alpha5 (A.11.23.15.01) (376)
Kernel: HP IP Filter: v3.5alpha5 (A.11.23.15.01)
Running: yes <---- OK
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1

Now we can write the firewall rules to our config file:

# vi /etc/opt/ipf/ipf.conf

We are going to use a very easy example: we block any incoming connections from the server 0189 to our HP-UX box.

block in quick on lan0 from 0189 to any
pass in from any to any

Using the quick keyword means that a packet matching that rule has the rule applied immediately, without going through any more rules.

We load the new config:

# ipf -Fa -f /etc/opt/ipf/ipf.conf

Check if our rules are active:

# ipfstat -io
empty list for ipfilter(out)
block in quick on lan0 from 1.7.2.3/23 to any
pass in from any to any

Now I can't ssh, ping, etc. the HPUX_BOX from my desktop PC:

P:\>ping HPUX_BOX

Haciendo ping a HPUX_BOX [1.7.2.23] con 32 bytes de datos:

Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.
Tiempo de espera agotado para esta solicitud.

Estadísticas de ping para 1.7.2.23 :
Paquetes: enviados = 4, recibidos = 0, perdidos = 4
(100% perdidos),

We can check out the stats and see how the blocked counter increases:

[root@vmfcont:~]# ipfstat | grep -i blocked
input packets: blocked 7 passed 13677 nomatch 1 counted 0 short 0
output packets: blocked 0 passed 570 nomatch 268 counted 0 short 0

If we want to flush the rules and delete them from the active ipf:

# ipf -Fa
# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)

For more info:

http://www.docs.hp.com/en/B9901-90029/index.html

Basant Sharma
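
An added example, not part of the original post or of HP's documentation: a small Python model of how IPFilter evaluates the two-rule file from the post above, showing why the block rule needs `quick` when a later `pass in from any to any` also matches. IPFilter applies the last matching rule unless a matching rule carries `quick`; the address 192.0.2.10 and all function names are constructed for illustration, and only the rule subset used in the post is parsed.

```python
import ipaddress

# Constructed ruleset: the post's two rules, with 192.0.2.10 (a documentation
# address, an assumption) standing in for the blocked host.
RULES_QUICK = """\
block in quick on lan0 from 192.0.2.10 to any
pass in from any to any
"""
RULES_NO_QUICK = RULES_QUICK.replace(" quick", "")

def parse_rule(line):
    """Parse the subset 'block|pass in|out [quick] [on IF] from SRC to DST'."""
    tok = line.split()
    return {
        "action": tok[0],
        "dir": tok[1],
        "quick": "quick" in tok,
        "iface": tok[tok.index("on") + 1] if "on" in tok else None,
        "src": tok[tok.index("from") + 1],
        "dst": tok[tok.index("to") + 1],
    }

def addr_matches(spec, addr):
    """True if addr falls inside spec ('any', a host, or a CIDR network)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def evaluate(ruleset, iface, src, dst, default="pass"):
    """Verdict for one inbound packet: the last matching rule wins,
    unless a matching rule carries 'quick', which ends evaluation."""
    verdict = default  # the post's 'ipf -V' output shows 'Default: pass all'
    for line in ruleset.splitlines():
        line = line.split("#")[0].strip()
        if not line:
            continue
        rule = parse_rule(line)
        if rule["dir"] != "in" or rule["iface"] not in (None, iface):
            continue
        if addr_matches(rule["src"], src) and addr_matches(rule["dst"], dst):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict

if __name__ == "__main__":
    for name, rules in (("quick", RULES_QUICK), ("no quick", RULES_NO_QUICK)):
        print(name, "->", evaluate(rules, "lan0", "192.0.2.10", "198.51.100.5"))
```

Without `quick`, the same two rules let the host through, because the later pass rule is the last match.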
Frequent Advisor
basant
Posts: 52
Registered: ‎08-04-2011
Message 3 of 3 (4,819 Views)

Re: What is a iptables in hp ux

Hi,

Make an entry for the IP address in /etc/host.allow and /etc/host.deny, or use IPFilter to block a particular IP in HP-UX. If it is not installed, download and install it on your HP-UX server.

To configure IPFilter to pass or block packets based on their source IP address, use the from ip_address keyword. For example:

block in quick from 192.168.0.0 to any

For details, refer to this link: http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02033615/c02033615.pdf
Basant Sharma