Solved

firewall for AIX (similar to iptables for linux)

Posted on 2011-09-05
7
5,199 Views
Last Modified: 2013-11-17
Is Ipsec the firewall for AIX boxes?
Can I install a simpler firewall on AIX?

I took a look to ipsec and it's very difficult for me... it hasn't simples rules as iptables for linux..

Where can I find a minimun steps by steps to, activate ipsec, load rules for blocking/unblocking TPC and UDp ports and disable ipsec?

Thanks...
0
Comment
Question by:sminfo
  • 4
  • 3
7 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
Comment Utility
Hi again,

as far as I know there is no firewall for AIX out there, except for IPSEC and IPFILTER (IPFL) which are shipped with AIX.

In former days there was an iptables based AIX firewall (SecureWays) from IBM, but this one has been retired and never reached AIX 5.

This old redbook mentions, apart from SecureWays, the Checkpoint Firewall-1, but I'm rather sure that this product isn't available anymore either.

http://www.redbooks.ibm.com/abstracts/sg245971.html

Remains IPSEC and IPFL. IPSEC is in bos.net.ipsec.rte, and IPFL is in ipfl.rte from the expansion DVD.

IPFL is based on the Open Source Software called IPFilter, so you might want to look at its documentation, which is here:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.security/doc/security/ipsec_filters_aix.htm

Here is a tiny FAQ:

https://www-304.ibm.com/support/docview.wss?uid=isg3T1011699

and here are the original docs:

http://coombs.anu.edu.au/~avalon/

containing a HOWTO:

http://www.obfuscation.org/ipf/ipf-howto.txt

Finally, here is the whole IPSEC stuff:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.security/doc/security/ipsec.htm

Good luck!

wmp


0
 

Author Comment

by:sminfo
Comment Utility
Umm I see wmp... I believe IPF is what I'm looking for.. I heard about IPFilter in my beginnings with Tru64 UNIX, but never used at that time.

One more question.. the DVD expansion is the same for AIX 7.1 or 6.1 or 5.3?

Thanks..
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
Comment Utility
AIX 5 and AIX 6 are shipped with their own Expansion Packs, respectively.

AIX 7 doesn't come with such a DVD, for which reasons ever, although there is a Pack available.

If you have an ESS entitlement you can download a TGZ file here:

https://www-304.ibm.com/servers/eserver/ess/ProtectedServlet.wss

Anyway, the newest IPFL version available for AIX is 4.1.13, and I strongly assume that this same version is contained on the AIX 5 as well as on the AIX 6 or 7 Packs.

wmp

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Closing Comment

by:sminfo
Comment Utility
Yes wmp.. I installed ipfilter from AIX 7.1 expansion

[root@testaix:/] lslpp -l|grep ipf
  ipfl.man.en_US             5.3.0.0  COMMITTED  IP Filters Documentation -
  ipfl.rte                   5.3.0.0  COMMITTED  IP Filters

Now, I'll read abour it.. I have worked a lot with iptables, so I think it should be easier for me..

Thanks..
0
 
LVL 68

Expert Comment

by:woolmilkporc
Comment Utility
Ok, I just checked ...

The ipfl.rte installp package version is always 5.3.0.0 on all available Expansion Packs (starting with AIX 5.3 TL 7 or so),
and this package always contains IPFilter 4.1.13 as of end 2001.

So no need to care about which pack to use.

Thx for the points!

wmp
0
 

Author Comment

by:sminfo
Comment Utility
umm.. how can you check that version 4.1.13?

I saw also ipfilter is on version 5.1,  can I compile it on AIX?
0
 
LVL 68

Expert Comment

by:woolmilkporc
Comment Utility
ipf -V

Compiling? Never tried it, could become an interesting project ...

Joke aside, I think it should be possible to compile it, given you have GCC, gmake and all that.

But as I said - never tried it.



0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now