
IP filtering in AIX


w5000


Hello,
Could anyone explain why the DENY rule does not work in my configuration? For a test I wanted to grant ssh (22) for the local host and one remote host only.

I enabled "IPsec" devices in AIX:

mkdev -c ipsec -t 4
mkfilt -v 4 -u -z p

# lsdev -l ipsec_v4
ipsec_v4 Available IP Version 4 Security Extension

Next I added filter rules and activated the firewall with:
# mkfilt -v4 -u

But this local AIX firewall still allows access to port 22/ssh from remote hosts other than 192.168.3.4.
Here is the check and the sequence of the rules applied:

# ckfilt -v4 -O
Beginning of IPv4 filter rules.
2|*** Dynamic filter placement rule for IKE tunnels ***|no
3|permit|127.0.0.1|0.0.0.0|0.0.0.0|0.0.0.0|yes|tcp|any|0|eq|22|both|inbound|no|all packets|0|all|0|||
4|permit|192.168.3.4|255.255.255.255|0.0.0.0|0.0.0.0|yes|tcp|any|0|eq|22|both|inbound|no|all packets|0|all|0|||
5|deny|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|yes|tcp|any|0|eq|22|both|inbound|no|all packets|0|all|0|||

Am I missing something?
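
An added example, not part of the original post: a small evaluator for the rule lines above, assuming the filter table is first-match from top to bottom and that an address matches when (packet & mask) == (rule address & mask). Under those assumptions rule 3's source mask of 0.0.0.0 makes it match every source, so it is hit before the deny in rule 5. The field positions and the test addresses 10.9.8.7 and 192.168.3.10 are assumptions.

```python
import ipaddress
import operator

# Rule lines copied from the ckfilt -v4 -O output in the post.
CKFILT = """\
3|permit|127.0.0.1|0.0.0.0|0.0.0.0|0.0.0.0|yes|tcp|any|0|eq|22|both|inbound|no|all packets|0|all|0|||
4|permit|192.168.3.4|255.255.255.255|0.0.0.0|0.0.0.0|yes|tcp|any|0|eq|22|both|inbound|no|all packets|0|all|0|||
5|deny|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|yes|tcp|any|0|eq|22|both|inbound|no|all packets|0|all|0|||
"""

# Port operators used in the rule fields ("any" ignores the value).
OPS = {"any": lambda a, b: True, "eq": operator.eq, "neq": operator.ne,
       "lt": operator.lt, "le": operator.le, "gt": operator.gt, "ge": operator.ge}

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse(text):
    """Assumed fields: num|action|src|smask|dst|dmask|srcroute|proto|sop|sport|dop|dport|..."""
    rules = []
    for line in text.splitlines():
        f = line.split("|")
        if len(f) > 11 and f[1] in ("permit", "deny"):
            rules.append(dict(num=int(f[0]), action=f[1], src=ip(f[2]), smask=ip(f[3]),
                              dst=ip(f[4]), dmask=ip(f[5]), proto=f[7],
                              dop=f[10], dport=int(f[11])))
    return rules

def first_match(rules, src, dst, proto, dport):
    """Return (rule number, action) of the first matching rule, else None.
    The source port is not checked (every rule here uses 'any')."""
    for r in rules:
        if ((ip(src) & r["smask"]) == (r["src"] & r["smask"])
                and (ip(dst) & r["dmask"]) == (r["dst"] & r["dmask"])
                and r["proto"] in ("all", proto)
                and OPS[r["dop"]](dport, r["dport"])):
            return r["num"], r["action"]
    return None

def mask_ignores_address(rules):
    """Rules whose source address is set but whose 0.0.0.0 mask makes it irrelevant."""
    return [r["num"] for r in rules if r["src"] != 0 and r["smask"] == 0]

if __name__ == "__main__":
    rules = parse(CKFILT)
    print(first_match(rules, "10.9.8.7", "192.168.3.10", "tcp", 22))  # unrelated host
    print(mask_ignores_address(rules))
    # Same table with rule 3 given a host mask (constructed variant, not from the post).
    fixed = parse(CKFILT.replace("127.0.0.1|0.0.0.0|", "127.0.0.1|255.255.255.255|", 1))
    print(first_match(fixed, "10.9.8.7", "192.168.3.10", "tcp", 22))
```

Running the same check against real `ckfilt -v4 -O` output before relying on a deny rule shows which rule an arbitrary source actually hits.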
 