Allow port range using IPsec?

Hi Guys,

Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port?
I'm sure it must be possible but I am unable to find the syntax.

Thanks
Chris

I haven't worked with IPsec yet, though here is a try.

If this is what you are using, it seems they define the rules in terms of

... eq 21 gt 1023 ...

where eq seems to be "equal", gt "greater than", lt "less than" etc.

Check out the following link for examples:
Help - AIX 6.1 Information Center

Thanks, are there any better alternatives to using IPsec? I am a Linux admin so I am used to using iptables but the preferred option for AIX from what I have read seems to be IPsec?

Using smit it only allows me to use one argument for the port but I haven't checked if this works fine using CL.

Don't know an alternative for AIX. Maybe put the AIX box behind a Linux box that uses iptables to protect the AIX box?

I have not seen many production servers with an internal firewall turned on. The reason is of course you will get a performance hit. Instead, as zaxxon suggested, you may put the server behind a dedicated firewall. Maybe you should consult with your network admins.