Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

firewall for AIX (similar to iptables for linux)

Posted on 2011-09-05
7
Medium Priority
?
6,076 Views
Last Modified: 2013-11-17
Is Ipsec the firewall for AIX boxes?
Can I install a simpler firewall on AIX?

I took a look to ipsec and it's very difficult for me... it hasn't simples rules as iptables for linux..

Where can I find a minimun steps by steps to, activate ipsec, load rules for blocking/unblocking TPC and UDp ports and disable ipsec?

Thanks...
0
Comment
Question by:sminfo
  • 4
  • 3
7 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 36483404
Hi again,

as far as I know there is no firewall for AIX out there, except for IPSEC and IPFILTER (IPFL) which are shipped with AIX.

In former days there was an iptables based AIX firewall (SecureWays) from IBM, but this one has been retired and never reached AIX 5.

This old redbook mentions, apart from SecureWays, the Checkpoint Firewall-1, but I'm rather sure that this product isn't available anymore either.

http://www.redbooks.ibm.com/abstracts/sg245971.html

Remains IPSEC and IPFL. IPSEC is in bos.net.ipsec.rte, and IPFL is in ipfl.rte from the expansion DVD.

IPFL is based on the Open Source Software called IPFilter, so you might want to look at its documentation, which is here:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.security/doc/security/ipsec_filters_aix.htm

Here is a tiny FAQ:

https://www-304.ibm.com/support/docview.wss?uid=isg3T1011699

and here are the original docs:

http://coombs.anu.edu.au/~avalon/

containing a HOWTO:

http://www.obfuscation.org/ipf/ipf-howto.txt

Finally, here is the whole IPSEC stuff:

http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.security/doc/security/ipsec.htm

Good luck!

wmp


0
 

Author Comment

by:sminfo
ID: 36483866
Umm I see wmp... I believe IPF is what I'm looking for.. I heard about IPFilter in my beginnings with Tru64 UNIX, but never used at that time.

One more question.. the DVD expansion is the same for AIX 7.1 or 6.1 or 5.3?

Thanks..
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 2000 total points
ID: 36483928
AIX 5 and AIX 6 are shipped with their own Expansion Packs, respectively.

AIX 7 doesn't come with such a DVD, for which reasons ever, although there is a Pack available.

If you have an ESS entitlement you can download a TGZ file here:

https://www-304.ibm.com/servers/eserver/ess/ProtectedServlet.wss

Anyway, the newest IPFL version available for AIX is 4.1.13, and I strongly assume that this same version is contained on the AIX 5 as well as on the AIX 6 or 7 Packs.

wmp

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Closing Comment

by:sminfo
ID: 36484024
Yes wmp.. I installed ipfilter from AIX 7.1 expansion

[root@testaix:/] lslpp -l|grep ipf
  ipfl.man.en_US             5.3.0.0  COMMITTED  IP Filters Documentation -
  ipfl.rte                   5.3.0.0  COMMITTED  IP Filters

Now, I'll read abour it.. I have worked a lot with iptables, so I think it should be easier for me..

Thanks..
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36484033
Ok, I just checked ...

The ipfl.rte installp package version is always 5.3.0.0 on all available Expansion Packs (starting with AIX 5.3 TL 7 or so),
and this package always contains IPFilter 4.1.13 as of end 2001.

So no need to care about which pack to use.

Thx for the points!

wmp
0
 

Author Comment

by:sminfo
ID: 36484051
umm.. how can you check that version 4.1.13?

I saw also ipfilter is on version 5.1,  can I compile it on AIX?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36484116
ipf -V

Compiling? Never tried it, could become an interesting project ...

Joke aside, I think it should be possible to compile it, given you have GCC, gmake and all that.

But as I said - never tried it.



0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question