IPSec Firewall AIX
Check if it is installed:
lslpp -l | grep ipsec
Start:
smit ipsec4
Start/Stop IP Security -> Start IP Security -> Start IP Security [Now and After Reboot]
Filter only one IP and one port
Specific network interface:
genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.0 -d 10.149.128.123 -M 255.255.255.0 -g N -c tcp -o eq -p 80 -r L -w I -l N -f Y -i en0
All interfaces:
genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.0 -d 10.149.128.123 -M 255.255.255.0 -g N -c tcp -o eq -p 80 -r L -w I -l N -f Y -i all
The same but locally:
genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.0 -d 10.149.128.123 -M 255.255.255.0 -g N -c tcp -O eq -P 80 -r L -w O -l N -f Y -i en0
The same but locally with all interfaces:
genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.0 -d 10.149.128.123 -M 255.255.255.0 -g N -c tcp -O eq -P 80 -r L -w O -l N -f Y -i all
What do the options above mean?
- -v4: use IPv4 rules
- -a D: action Deny
- -s 10.149.128.122: source address
- -m 255.255.255.0: source subnet mask
- -d 10.149.128.123: destination address
- -M 255.255.255.0: destination subnet mask
- -g N: use source routing No
- -c tcp: apply to tcp protocol
- -o eq: source port condition (lt, le, gt, ge, eq, neq, and any), as used in the inbound rules above
- -p 80: source port
- -O eq: destination port condition (same operators), as used in the outbound rules above
- -P 80: destination port
- -r L: apply the rule to local packets only (traffic addressed to this host, not routed through it)
- -w O: apply the rule to outbound packets (the inbound rules above use -w I)
- -l N: do not log matching packets
- -f Y: apply to all packets, fragmented or not
- -i all: all interfaces
Apply changes:
Start filter logging:
mkfilt -g start
Activate the rules:
mkfilt -u
List rules:
lsfilt -a -v4
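The steps above (check the fileset, add the deny rules, activate them, list them) as one script. This is an added example, not part of the original notes: the deny_rule function builds the same genfilt command lines shown above, choosing the source-port form (-o/-p, -w I) for inbound rules and the destination-port form (-O/-P, -w O) for outbound rules. The addresses and port are the sample values from the notes; the function names and the DRY_RUN switch are assumptions of this example. With DRY_RUN=1 (the default) it only prints the commands, since genfilt, mkfilt and lsfilt exist only on an AIX host with the ipsec filesets installed.

```shell
#!/bin/sh
# Added example (not from the original notes). DRY_RUN=1 prints the commands
# instead of running them; set DRY_RUN=0 on an AIX host to actually apply them.
DRY_RUN="${DRY_RUN:-1}"

# run CMD ARGS...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ipsec_installed: same check as the notes (lslpp -l | grep ipsec).
ipsec_installed() {
    lslpp -l 2>/dev/null | grep -q ipsec
}

# deny_rule DIRECTION SRC DST PORT [IFACE]
# DIRECTION I = inbound rule matching the source port (-o eq -p PORT -w I)
# DIRECTION O = outbound rule matching the destination port (-O eq -P PORT -w O)
# IFACE defaults to "all". The /24 masks are the constructed values from the notes.
deny_rule() {
    dir="$1"; src="$2"; dst="$3"; port="$4"; iface="${5:-all}"
    case "$dir" in
        I) portopts="-o eq -p $port" ;;
        O) portopts="-O eq -P $port" ;;
        *) echo "deny_rule: direction must be I or O" >&2; return 1 ;;
    esac
    # $portopts is deliberately unquoted so it expands to four separate arguments.
    run genfilt -v4 -a D -s "$src" -m 255.255.255.0 -d "$dst" -M 255.255.255.0 \
        -g N -c tcp $portopts -r L -w "$dir" -l N -f Y -i "$iface"
}

# apply_rules: start filter logging, activate the rule table, list IPv4 rules.
apply_rules() {
    run mkfilt -g start
    run mkfilt -u
    run lsfilt -a -v4
}

main() {
    if [ "$DRY_RUN" != 1 ] && ! ipsec_installed; then
        echo "IP Security filesets are not installed (lslpp -l | grep ipsec)" >&2
        exit 1
    fi
    # Sample rules from the notes: inbound on en0, outbound on all interfaces.
    deny_rule I 10.149.128.122 10.149.128.123 80 en0
    deny_rule O 10.149.128.122 10.149.128.123 80 all
    apply_rules
}

main "$@"
```

In dry-run mode the two deny_rule calls print exactly the first and the last genfilt lines from the notes, which is a convenient way to review a rule set before activating it with mkfilt -u.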
Restart IPSec:
smit ipsec4
Remove rules
Remove all rules:
rmfilt -v4 -n all
Then restart filter logging and re-activate the (now empty) rule table:
mkfilt -g start
mkfilt -u