ClusterPack Tutorial
HP-UX IPFilter Validation
HP-UX IPFilter is installed with the default HP-UX 11i V2 TCOE bundle. To validate its installation, ru
n
the following command:
%
swverify B9901AA
Automatic setup of HP-UX IPFilter rules
ClusterPack V2.3 provides a utility called nat.server to automatically set up the NAT rules, based on the
cluster configuration. This tool can be invoked as follows:
%
/opt/clusterpack/lbin/nat.server
Manually setting up the HP-UX IPFilter and NAT rules
Setup the HP-UX IPFilter filtering rules
In this section, we will walk through the steps of setting up HP-UX IPFilter pass through all of the packe
t
For more complicated filtering rules, please refer to the HP-UX IPFilter documentation.
z
Create a file with pass-through rules
% cat << EOF > /tmp/filter.rules
pass in all
pass out all
EOF
% cat /tmp/filter.rules
pass in all
pass out all
To create more complicated rules, please refer to the HP-UX IPFilter documentation.
http://docs.hp.com/hpux/internet/index.html#IPFilter/9000
z
Enable filtering based on this rule set
% ipf -f /tmp/filter.rules
Note:
If there is an existing rule set, a new rule set can be loaded using:
%
ipf -Fa -f /tmp/filter.rules
z
For more complicated manipulations of the rule sets, refer to the ipf(5) and ipf(8) man
pages.
%
man 5 ipf