?
Solved

firewall for AIX (similar to iptables for linux)

Posted on 2011-09-05
7
Medium Priority
?
5,804 Views
Last Modified: 2013-11-17
Is Ipsec the firewall for AIX boxes?
Can I install a simpler firewall on AIX?

I took a look to ipsec and it's very difficult for me... it hasn't simples rules as iptables for linux..

Where can I find a minimun steps by steps to, activate ipsec, load rules for blocking/unblocking TPC and UDp ports and disable ipsec?

Thanks...
0
Comment
Question by:sminfo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 36483404
Hi again,

as far as I know there is no firewall for AIX out there, except for IPSEC and IPFILTER (IPFL) which are shipped with AIX.

In former days there was an iptables based AIX firewall (SecureWays) from IBM, but this one has been retired and never reached AIX 5.

This old redbook mentions, apart from SecureWays, the Checkpoint Firewall-1, but I'm rather sure that this product isn't available anymore either.

http://www.redbooks.ibm.com/abstracts/sg245971.html

Remains IPSEC and IPFL. IPSEC is in bos.net.ipsec.rte, and IPFL is in ipfl.rte from the expansion DVD.

IPFL is based on the Open Source Software called IPFilter, so you might want to look at its documentation, which is here:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.security/doc/security/ipsec_filters_aix.htm

Here is a tiny FAQ:

https://www-304.ibm.com/support/docview.wss?uid=isg3T1011699

and here are the original docs:

http://coombs.anu.edu.au/~avalon/

containing a HOWTO:

http://www.obfuscation.org/ipf/ipf-howto.txt

Finally, here is the whole IPSEC stuff:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.security/doc/security/ipsec.htm

Good luck!

wmp


0
 

Author Comment

by:sminfo
ID: 36483866
Umm I see wmp... I believe IPF is what I'm looking for.. I heard about IPFilter in my beginnings with Tru64 UNIX, but never used at that time.

One more question.. the DVD expansion is the same for AIX 7.1 or 6.1 or 5.3?

Thanks..
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 2000 total points
ID: 36483928
AIX 5 and AIX 6 are shipped with their own Expansion Packs, respectively.

AIX 7 doesn't come with such a DVD, for which reasons ever, although there is a Pack available.

If you have an ESS entitlement you can download a TGZ file here:

https://www-304.ibm.com/servers/eserver/ess/ProtectedServlet.wss

Anyway, the newest IPFL version available for AIX is 4.1.13, and I strongly assume that this same version is contained on the AIX 5 as well as on the AIX 6 or 7 Packs.

wmp

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Closing Comment

by:sminfo
ID: 36484024
Yes wmp.. I installed ipfilter from AIX 7.1 expansion

[root@testaix:/] lslpp -l|grep ipf
  ipfl.man.en_US             5.3.0.0  COMMITTED  IP Filters Documentation -
  ipfl.rte                   5.3.0.0  COMMITTED  IP Filters

Now, I'll read abour it.. I have worked a lot with iptables, so I think it should be easier for me..

Thanks..
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36484033
Ok, I just checked ...

The ipfl.rte installp package version is always 5.3.0.0 on all available Expansion Packs (starting with AIX 5.3 TL 7 or so),
and this package always contains IPFilter 4.1.13 as of end 2001.

So no need to care about which pack to use.

Thx for the points!

wmp
0
 

Author Comment

by:sminfo
ID: 36484051
umm.. how can you check that version 4.1.13?

I saw also ipfilter is on version 5.1,  can I compile it on AIX?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36484116
ipf -V

Compiling? Never tried it, could become an interesting project ...

Joke aside, I think it should be possible to compile it, given you have GCC, gmake and all that.

But as I said - never tried it.



0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Suggested Courses
Course of the Month12 days, 6 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question