Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Firewall
Operating Systems AIX Firewall Post 302447808 by bakunin on Tuesday 24th of August 2010 11:05:27 AM
Old 08-24-2010
A firewall - out of principle - can only protect the network behind it, not the system it runs on itself *) and there are only two roles for any given network node, which are absolutely distinct: firewall or host. If a node acts as a firewall it must not work as a host and if it acts as a host it must not work as a firewall - period.

Having said this you might be looking for firewall software installable on AIX. There are several choices:
  • IPSec has already been mentioned and is available since AIX 4.x. It is part of AIX and available for free.
  • SecureWay was a firewall product for AIX 4.x and - i believe - for AIX 5L (as part of the Global Security Kit). It has been distributed by IBM and there is a redbook at IBM Redbooks.
  • Commercial Products like the Check Point FireWall-1, for which also exists an IBM redbook.

I hope this helps.

bakunin

______
*) Corollary: all the "personal firewalls" sold with some popular graphical interrupt-handler (which misrepresents itself as an operating system) are simple packet filters, which do nothing to enhance any security but everything to enhance their vendors bank accounts. These "firewalls" just add some - utterly false - sense of security to the users experience. Stay away from those firewalls, the users of these and the underlying code waste dumps as well.
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

What Firewall do you use?

Just out of curiosity, I see a lot of people here use Linux IPTables as their firewall. Anyone here use something else like OpenBSD PF or *BSD IPF, IPFW? I'm quite fond of OpenBSD and their Packet Filters. I find their syntax much easier to manage and from my personal experience, I find them... (5 Replies)
Discussion started by: tarballed
5 Replies

2. Cybersecurity

Looking Out from Behind a Firewall

Would it be possible to restrict access to internet pages in the following way? A machine: IP = 128.1.17.123 Only pages from domains of the type "go.jp" and "ne.jp" are viewable. All others are not viewable or only partly viewable. B machine: IP = 128.1.17.146 Regardless of the domain... (4 Replies)
Discussion started by: mntamago
4 Replies

3. IP Networking

Linux Firewall

ON A LINUX NETWORK, HOW DO I ASSIGN IP ADDRESSES TO OTHER TERMINALS AND AFTER THAT HOW I CAN DENY/GRANT ACCESS TO TERMINALS ON A LAN TO MY TERMINAL.PLEASE SPECIFY THE EXACT COMMANDS.kINDLY HELP ME (3 Replies)
Discussion started by: ameya_shaligram
3 Replies

4. UNIX for Advanced & Expert Users

routing and firewall

I have a PC with KUBUNTU installed on it and with 2NIC's on it (two PCI network 100Mbit cards). I want to use it as a server packet router and firewall between two computers with windows installed on them, each of this computer being connected to one different card on the KUBUNTU server. The... (1 Reply)
Discussion started by: meorfi
1 Replies

5. Cybersecurity

help with firewall

hi everyone I am a newbee to firewall scripting. cannot understand how to write rules per host. in ip6tables. anyone plz:( (2 Replies)
Discussion started by: xecutioner
2 Replies

6. Homework & Coursework Questions

firewall query

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: produce a report containing an iptable firewall definition for a system requproduce a report containing an... (0 Replies)
Discussion started by: boabbyrab
0 Replies

7. SuSE

Firewall

Is there a command line interface to the firewall? (4 Replies)
Discussion started by: jgt
4 Replies

8. Linux

Firewall?

Dear All I have put my windows machine behind my centos firewall server with just one NIC. At now, the windows machine can ping 192.9.9.3 but cannot resolve valid url (like www.google.com). I have set DNS for it as well. Can you please let me know what is the missing step? Thank you (6 Replies)
Discussion started by: hadimotamedi
6 Replies

9. Cybersecurity

Firewall

Hey Guys, I am looking for a good firewall software to implement in medium/large office, with at least 150 users. I was hopping you guys could help me on this one. Regards, (4 Replies)
Discussion started by: andrevicente
4 Replies

LEARN ABOUT SUSE

net::config

Net::Config(3pm)					 Perl Programmers Reference Guide					  Net::Config(3pm)

NAME

       Net::Config - Local configuration data for libnet

SYNOPSYS

	   use Net::Config qw(%NetConfig);

DESCRIPTION

       "Net::Config" holds configuration data for the modules in the libnet distribution. During installation you will be asked for these values.

       The configuration data is held globally in a file in the perl installation tree, but a user may override any of these values by providing
       their own. This can be done by having a ".libnetrc" file in their home directory. This file should return a reference to a HASH containing
       the keys described below.  For example

	   # .libnetrc
	   {
	       nntp_hosts => [ "my_preferred_host" ],
	       ph_hosts   => [ "my_ph_server" ],
	   }
	   __END__

METHODS

       "Net::Config" defines the following methods. They are methods as they are invoked as class methods. This is because "Net::Config" inherits
       from "Net::LocalCfg" so you can override these methods if you want.

       requires_firewall HOST
	   Attempts to determine if a given host is outside your firewall. Possible return values are.

	     -1  Cannot lookup hostname
	      0  Host is inside firewall (or there is no ftp_firewall entry)
	      1  Host is outside the firewall

	   This is done by using hostname lookup and the "local_netmask" entry in the configuration data.

NetConfig VALUES
       nntp_hosts
       snpp_hosts
       pop3_hosts
       smtp_hosts
       ph_hosts
       daytime_hosts
       time_hosts
	   Each is a reference to an array of hostnames (in order of preference), which should be used for the given protocol

       inet_domain
	   Your internet domain name

       ftp_firewall
	   If you have an FTP proxy firewall (NOT an HTTP or SOCKS firewall) then this value should be set to the firewall hostname. If your
	   firewall does not listen to port 21, then this value should be set to "hostname:port" (eg "hostname:99")

       ftp_firewall_type
	   There are many different ftp firewall products available. But unfortunately there is no standard for how to traverse a firewall.  The
	   list below shows the sequence of commands that Net::FTP will use

	     user	 Username for remote host
	     pass	 Password for remote host
	     fwuser	 Username for firewall
	     fwpass	 Password for firewall
	     remote.host The hostname of the remote ftp server

	   0   There is no firewall

	   1
		    USER user@remote.host
		    PASS pass

	   2
		    USER fwuser
		    PASS fwpass
		    USER user@remote.host
		    PASS pass

	   3
		    USER fwuser
		    PASS fwpass
		    SITE remote.site
		    USER user
		    PASS pass

	   4
		    USER fwuser
		    PASS fwpass
		    OPEN remote.site
		    USER user
		    PASS pass

	   5
		    USER user@fwuser@remote.site
		    PASS pass@fwpass

	   6
		    USER fwuser@remote.site
		    PASS fwpass
		    USER user
		    PASS pass

	   7
		    USER user@remote.host
		    PASS pass
		    AUTH fwuser
		    RESP fwpass

       ftp_ext_passive
       ftp_int_passive
	   FTP servers can work in passive or active mode. Active mode is when you want to transfer data you have to tell the server the address
	   and port to connect to.  Passive mode is when the server provide the address and port and you establish the connection.

	   With some firewalls active mode does not work as the server cannot connect to your machine (because you are behind a firewall) and the
	   firewall does not re-write the command. In this case you should set "ftp_ext_passive" to a true value.

	   Some servers are configured to only work in passive mode. If you have one of these you can force "Net::FTP" to always transfer in
	   passive mode; when not going via a firewall, by setting "ftp_int_passive" to a true value.

       local_netmask
	   A reference to a list of netmask strings in the form "134.99.4.0/24".  These are used by the "requires_firewall" function to determine
	   if a given host is inside or outside your firewall.

       The following entries are used during installation & testing on the libnet package

       test_hosts
	   If true then "make test" may attempt to connect to hosts given in the configuration.

       test_exists
	   If true then "Configure" will check each hostname given that it exists

perl v5.12.1							    2010-07-01							  Net::Config(3pm)
All times are GMT -4. The time now is 09:38 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy