Solved

firewall for AIX (similar to iptables for linux)

Posted on 2011-09-05
Last Modified: 2013-11-17
Is Ipsec the firewall for AIX boxes?
Can I install a simpler firewall on AIX?

I took a look at ipsec and it's very difficult for me... it doesn't have simple rules like iptables for linux..

Where can I find minimal step-by-step instructions to activate ipsec, load rules for blocking/unblocking TCP and UDP ports, and disable ipsec?

Thanks...
Question by:sminfo
Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 36483404
Hi again,

as far as I know there is no firewall for AIX out there, except for IPSEC and IPFILTER (IPFL) which are shipped with AIX.

In former days there was an iptables based AIX firewall (SecureWays) from IBM, but this one has been retired and never reached AIX 5.

This old redbook mentions, apart from SecureWays, the Checkpoint Firewall-1, but I'm rather sure that this product isn't available anymore either.

http://www.redbooks.ibm.com/abstracts/sg245971.html

That leaves IPSEC and IPFL. IPSEC is in bos.net.ipsec.rte, and IPFL is in ipfl.rte from the expansion DVD.

IPFL is based on the Open Source Software called IPFilter, so you might want to look at its documentation, which is here:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.security/doc/security/ipsec_filters_aix.htm

Here is a tiny FAQ:

https://www-304.ibm.com/support/docview.wss?uid=isg3T1011699

and here are the original docs:

http://coombs.anu.edu.au/~avalon/

containing a HOWTO:

http://www.obfuscation.org/ipf/ipf-howto.txt

Finally, here is the whole IPSEC stuff:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.security/doc/security/ipsec.htm

Good luck!

wmp
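
Added example (not part of the answer above and not IBM's own configuration): a minimal IPFilter ruleset for blocking and opening TCP and UDP ports, written for readers coming from iptables. The interface name en0, the subnet 192.0.2.0/24, the file path /etc/ipf.conf and the chosen ports are assumptions; IP Filter from ipfl.rte is assumed to be installed and active.

```conf
# /etc/ipf.conf  (constructed sample; path, en0 and 192.0.2.0/24 are placeholders)
#
# Key difference from iptables: ipf reads the WHOLE list and the LAST
# matching rule decides, unless a rule carries "quick", which ends
# evaluation at that rule (first-match behaviour, like iptables).

# Loopback traffic is never filtered.
pass in  quick on lo0 all
pass out quick on lo0 all

# Default policy for inbound traffic. No "quick", so the pass rules
# further down can still override it for specific ports.
block in on en0 all

# Hard block: telnet is refused no matter what follows, because "quick"
# stops rule processing here.
block in quick on en0 proto tcp from any to any port = 23

# Open a TCP port: SSH from the admin subnet only. "flags S keep state"
# matches the initial SYN and lets the rest of the session through.
pass in on en0 proto tcp from 192.0.2.0/24 to any port = 22 flags S keep state

# Open a UDP port: SNMP from the admin subnet only.
pass in on en0 proto udp from 192.0.2.0/24 to any port = 161 keep state

# Outbound: allow, and track state so replies pass the default block.
pass out on en0 proto tcp from any to any flags S keep state
pass out on en0 proto udp from any to any keep state

# Working with the file (run as root):
#   ipf -n -f /etc/ipf.conf     parse the rules without loading them
#   ipf -Fa -f /etc/ipf.conf    flush all loaded rules, then load this file
#   ipfstat -io                 list the inbound and outbound rules in effect
#   ipf -Fa                     flush every loaded rule
```

Load a new ruleset from the console or keep a second session open, since a mistake in the SSH rule locks out remote access.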



Author Comment

by:sminfo
ID: 36483866
Umm I see wmp... I believe IPF is what I'm looking for.. I heard about IPFilter in my beginnings with Tru64 UNIX, but never used it at that time.

One more question.. is the expansion DVD the same for AIX 7.1, 6.1 and 5.3?

Thanks..

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 36483928
AIX 5 and AIX 6 are shipped with their own Expansion Packs, respectively.

AIX 7 doesn't come with such a DVD, for whatever reason, although there is a Pack available.

If you have an ESS entitlement you can download a TGZ file here:

https://www-304.ibm.com/servers/eserver/ess/ProtectedServlet.wss

Anyway, the newest IPFL version available for AIX is 4.1.13, and I strongly assume that this same version is contained on the AIX 5 as well as on the AIX 6 or 7 Packs.

wmp


Author Closing Comment

by:sminfo
ID: 36484024
Yes wmp.. I installed ipfilter from AIX 7.1 expansion

[root@testaix:/] lslpp -l|grep ipf
  ipfl.man.en_US             5.3.0.0  COMMITTED  IP Filters Documentation -
  ipfl.rte                   5.3.0.0  COMMITTED  IP Filters

Now, I'll read about it.. I have worked a lot with iptables, so I think it should be easier for me..

Thanks..

Expert Comment

by:woolmilkporc
ID: 36484033
Ok, I just checked ...

The ipfl.rte installp package version is always 5.3.0.0 on all available Expansion Packs (starting with AIX 5.3 TL 7 or so),
and this package always contains IPFilter 4.1.13 as of end 2001.

So no need to care about which pack to use.

Thx for the points!

wmp

Author Comment

by:sminfo
ID: 36484051
umm.. how can you check that version 4.1.13?

I also saw that ipfilter is at version 5.1; can I compile it on AIX?

Expert Comment

by:woolmilkporc
ID: 36484116
ipf -V

Compiling? Never tried it, could become an interesting project ...

Joke aside, I think it should be possible to compile it, given you have GCC, gmake and all that.

But as I said - never tried it.


