DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Configuring IP Filtering (IPfilter)

Configuring IP Filtering (IPfilter)

IP Filter provides complete and flexible firewall capabilities. It includes support for Network Address Translation (NAT), also known as IP Masquerading, including port translation. The combination of address and port translation is sometimes called NPAT (Network and Port Translation).

The SCO implementation of IP Filter provided in earlier releases is no longer supported.

The current IP Filter interface is described in the IP filter HowTo and in the following manual pages:


ipf(ADMN)

ipf(ADMP)

ipf(SFF)

ipfilter(M)

ipfs(ADMN)

ipfstat(TC)

ipl(ADMP)

ipmon(SFF)

ipnat(ADMN)

ipnat(ADMP)

ipnat(SFF)

Note that the ipftest command is not supported in this implementation.

IP Filter is installed by default, but not enabled. To enable IP Filter, enter the following command, as root:

   mkdev ipf

This will install default IP Filter rules into the kernel and start IP Filtering. You can display the current incoming and outgoing filter rules using ipfstat:

   ipfstat -io

See ipf(SFF) for filter rule syntax. Use the ipf(ADMN) command to set and remove filter rules.


© 2007 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 05 June 2007