Hello All,

There are 2 questions here, and the second one is not IPFilter related. Sorry for crossposting, I believe it still may make sense.

1. Has anyone tried to port IPFilter to AIX? I know there is no official port, but I've discovered this too late, after having suggested to use IPFilter for local filtering on all hosts in AIX campus.

1a. For some of Solaris campuses where IPFilter is deployed on every host for local filtering, we are trying to design a mechanism to manage all ipf rules centrally. Are we reinventing the wheel?

2. Now, the AIX question. Sorry, I am a Solaris guy but have to deal with this AIX campus, anyway. As an alternative to IPFilter we may have to consider the AIX built-in stateless filter that comes with *.IPsec.rte fileset. I have just started playing with it, and installation manual suggests to use smit at some points of installation process. We really need a CLI-only installation.

And, for centralized management, we would prefer to distribute the rules (hopefully, in the form of ASCII files) rather than run configuration commands again and again on every host whenever the rule changes.

However, neither location nor format of those rule files are described in the manuals. Any ideas, please?

Thanks,
Andrei

Hello World,

aryzhov@spasu.net wrote:
>
> 2. Now, the AIX question. Sorry, I am a Solaris guy but
> have to deal with this AIX campus, anyway.
> As an alternative to IPFilter we may have to consider the AIX
> built-in stateless filter that comes with *.IPsec.rte fileset.
> I have just started playing with it, and installation manual
> suggests to use smit at some points of installation process.
> We really need a CLI-only installation.

Most things in AIX are in fact command-based. Smit is just a way of building commands and firing them off. The tactic is to set a filter rule using Smit, then look in the file called ~root/smit.script for the command and change that to suit your needs. After that it's simply a matter of some well-targeted shell scripting.

> And, for centralized management, we would prefer to
> distribute the rules (hopefully, in the form of ASCII files)
> rather than run configuration commands again and again on every host
> whenever the rule changes.
>
> However, neither location nor format of those rule files
> are described in the manuals. Any ideas, please?

Write a shell script that eats your preferred file format and executes the corresponding commands. You'll need to restart any firewall processes anyway, so you'll have to execute some command.

>
> Thanks,
> Andrei

Cheers,
Menno
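Added example, not part of either post: one way to write the script suggested in the reply above, validating a centrally distributed ASCII rule file and printing the AIX filter commands for review before anything is run as root. The rule-file format and the function names are assumptions of this example, and the genfilt/mkfilt options it emits should be checked against the command that smit records in ~root/smit.script on your AIX level.

```sh
#!/bin/sh
# Rule format assumed by this example (one rule per line, '#' starts a comment):
#   action proto src src_mask dst dst_mask dst_port direction

# Constructed sample rules, used when no rule file is given.
sample_rules() {
    cat <<'EOF'
# allow SSH from the admin network, drop all other inbound TCP
permit tcp 10.1.0.0 255.255.0.0 0.0.0.0 0.0.0.0 22 in
deny tcp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 any in
EOF
}

# Print the genfilt command for one rule; return 1 on any invalid field.
rule_to_cmd() {
    [ $# -eq 8 ] || { echo "expected 8 fields, got $#" >&2; return 1; }
    case $1 in permit) act=P ;; deny) act=D ;; *) echo "bad action: $1" >&2; return 1 ;; esac
    case $2 in tcp|udp|icmp|all) ;; *) echo "bad protocol: $2" >&2; return 1 ;; esac
    for a in "$3" "$4" "$5" "$6"; do
        # Dotted quads only: the output is later run as root, so no shell syntax may pass.
        echo "$a" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
            { echo "bad address: $a" >&2; return 1; }
    done
    case $7 in
        any) op=any port=0 ;;
        *[!0-9]*) echo "bad port: $7" >&2; return 1 ;;
        *) [ "$7" -le 65535 ] || { echo "bad port: $7" >&2; return 1; }
           op=eq port=$7 ;;
    esac
    case $8 in in) dir=I ;; out) dir=O ;; both) dir=B ;; *) echo "bad direction: $8" >&2; return 1 ;; esac
    echo "genfilt -v 4 -a $act -s $3 -m $4 -d $5 -M $6 -c $2 -O $op -P $port -w $dir"
}

# Read rules on stdin; print commands only if every rule validates.
rules_to_script() {
    out="" n=0
    while read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        set -f   # field-split $line below without expanding globs such as '*'
        cmd=$(rule_to_cmd $line) || { set +f; echo "line $n rejected" >&2; return 1; }
        set +f
        out="$out$cmd
"
    done
    printf '%s' "$out"
    echo "mkfilt -v 4 -u"   # activate the rule table once all rules are loaded
}

# Dry run: print the commands for review instead of executing them.
if [ $# -gt 0 ]; then rules_to_script < "$1"; else sample_rules | rules_to_script; fi
```

A rule file with any invalid line produces no commands at all, so a host never ends up with a partially translated rule set.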