Chapter 1. About IPFilter

IPFilter is software that provides stateful packet filtering, enabling firewall and Network Address Translation (NAT) functionalities.

Rules specify which packets are denied or permitted through the firewall. Keywords can be used to distinguish which interface a packet is associated with (as its destination, as a result of route processing, or as the interface on which it was received).

IPFilter can be configured to filter using several IP header fields (described below). These filters are set when the rules are established:

IPFilter can also perform the following functions:

A logging device is also available to track the operation of IPFilter. This device supports logging of TCP/UDP/ICMP IP packet headers and the first 129 bytes of the packet when a packet is successfully passed through, when it is blocked, and when a match is made for suspicious packets.
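A short ruleset showing the pass/block rules, interface keywords, stateful filtering and logging described above. This is an added example, not taken from the IPFilter documentation; the interface names (ec0 as the external interface, lo0 as loopback) and the single inbound service (SSH on TCP port 22) are assumptions.

```conf
# Constructed example ruleset (not from the IPFilter distribution).
# Assumptions: ec0 = external interface, lo0 = loopback,
# inbound SSH (TCP port 22) is the only service offered.
#
# IPFilter checks a packet against every rule in order and the LAST
# matching rule decides, unless a rule carries "quick", which stops
# evaluation at that rule.

# Loopback traffic is not filtered.
pass in  quick on lo0 all
pass out quick on lo0 all

# Suspicious packets: private source addresses arriving on the
# external interface. Block and log them.
block in log quick on ec0 from 10.0.0.0/8 to any
block in log quick on ec0 from 172.16.0.0/12 to any
block in log quick on ec0 from 192.168.0.0/16 to any

# Stateful outbound traffic: "keep state" creates a state entry so
# replies are passed without a matching inbound rule.
pass out quick on ec0 proto tcp  from any to any flags S keep state
pass out quick on ec0 proto udp  from any to any keep state
pass out quick on ec0 proto icmp from any to any keep state

# Inbound SSH. "log first" records only the packet that creates the
# state entry, not every packet of the session.
pass in log first quick on ec0 proto tcp from any to any port = 22 flags S keep state

# Default deny: anything not passed above is blocked. Inbound drops
# are logged with "body" so packet contents follow the headers.
block in log body on ec0 all
block out on ec0 all
```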

For a complete description of IPFilter functionality, see the IPFilter documentation and descriptions at http://coombs.anu.edu.au/ipfilter.

For a summary of IPFilter functionality and IRIX kernel information, see Chapter 2, “Setting Up IPFilter on IRIX Systems”.

For details about the command line tools used with IPFilter, see Chapter 3, “IPFilter Commands and Tools”.


Note: IPFilter should not be run with ipfilterd (part of the SGI eoe.sw.ipgate release). See the release notes provided with IPFilter for details.