08-24-2010
A firewall - out of principle - can only protect the network behind it, not the system it runs on itself *) and there are only two roles for any given network node, which are absolutely distinct: firewall or host. If a node acts as a firewall it must not work as a host and if it acts as a host it must not work as a firewall - period.
Having said this you might be looking for firewall software installable on AIX. There are several choices:
- IPSec has already been mentioned and is available since AIX 4.x. It is part of AIX and available for free.
- SecureWay was a firewall product for AIX 4.x and - I believe - for AIX 5L (as part of the Global Security Kit). It has been distributed by IBM and there is a redbook at IBM Redbooks.
- Commercial products like the Check Point FireWall-1, for which an IBM redbook also exists.
I hope this helps.
bakunin
______
*) Corollary: all the "personal firewalls" sold with some popular graphical interrupt-handler (which misrepresents itself as an operating system) are simple packet filters, which do nothing to enhance any security but everything to enhance their vendors' bank accounts. These "firewalls" just add some - utterly false - sense of security to the users' experience. Stay away from those firewalls, the users of these and the underlying code waste dumps as well.
LEARN ABOUT SUSE
net::config
Net::Config(3pm) Perl Programmers Reference Guide Net::Config(3pm)
NAME
Net::Config - Local configuration data for libnet
SYNOPSIS
use Net::Config qw(%NetConfig);
DESCRIPTION
"Net::Config" holds configuration data for the modules in the libnet distribution. During installation you will be asked for these values.
The configuration data is held globally in a file in the perl installation tree, but a user may override any of these values by providing
their own. This can be done by having a ".libnetrc" file in their home directory. This file should return a reference to a HASH containing
the keys described below. For example:

    # .libnetrc
    {
        nntp_hosts => [ "my_preferred_host" ],
        ph_hosts   => [ "my_ph_server" ],
    }
    __END__
METHODS
"Net::Config" defines the following methods. They are invoked as class methods; because "Net::Config" inherits
from "Net::LocalCfg", you can override these methods if you want.
requires_firewall HOST
    Attempts to determine if a given host is outside your firewall. Possible return values are:

    -1  Cannot lookup hostname
    0   Host is inside firewall (or there is no ftp_firewall entry)
    1   Host is outside the firewall

    This is done by using hostname lookup and the "local_netmask" entry in the configuration data.
NetConfig VALUES
nntp_hosts
snpp_hosts
pop3_hosts
smtp_hosts
ph_hosts
daytime_hosts
time_hosts
    Each is a reference to an array of hostnames (in order of preference), which should be used for the given protocol.
inet_domain
    Your internet domain name.
ftp_firewall
    If you have an FTP proxy firewall (NOT an HTTP or SOCKS firewall) then this value should be set to the firewall hostname. If your
    firewall does not listen to port 21, then this value should be set to "hostname:port" (e.g. "hostname:99").
ftp_firewall_type
    There are many different FTP firewall products available, but unfortunately there is no standard for how to traverse a firewall. The
    list below shows the sequence of commands that Net::FTP will use for each type, where:

        user         Username for remote host
        pass         Password for remote host
        fwuser       Username for firewall
        fwpass       Password for firewall
        remote.host  The hostname of the remote ftp server

    0   There is no firewall

    1
        USER user@remote.host
        PASS pass

    2
        USER fwuser
        PASS fwpass
        USER user@remote.host
        PASS pass

    3
        USER fwuser
        PASS fwpass
        SITE remote.site
        USER user
        PASS pass

    4
        USER fwuser
        PASS fwpass
        OPEN remote.site
        USER user
        PASS pass

    5
        USER user@fwuser@remote.site
        PASS pass@fwpass

    6
        USER fwuser@remote.site
        PASS fwpass
        USER user
        PASS pass

    7
        USER user@remote.host
        PASS pass
        AUTH fwuser
        RESP fwpass
ftp_ext_passive
ftp_int_passive
    FTP servers can work in passive or active mode. In active mode, when you want to transfer data you tell the server the address
    and port to connect to. In passive mode, the server provides the address and port and you establish the connection.
    With some firewalls active mode does not work, as the server cannot connect to your machine (because you are behind a firewall) and the
    firewall does not re-write the command. In this case you should set "ftp_ext_passive" to a true value.
    Some servers are configured to only work in passive mode. If you have one of these you can force "Net::FTP" to always transfer in
    passive mode, when not going via a firewall, by setting "ftp_int_passive" to a true value.
local_netmask
    A reference to a list of netmask strings in the form "134.99.4.0/24". These are used by the "requires_firewall" function to determine
    if a given host is inside or outside your firewall.
The following entries are used during installation and testing of the libnet package:
test_hosts
    If true then "make test" may attempt to connect to hosts given in the configuration.
test_exists
    If true then "Configure" will check that each hostname given exists.
perl v5.12.1 2010-07-01 Net::Config(3pm)
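
The following Perl script is an added example, not part of the libnet documentation: it overrides %NetConfig in-process and calls the documented "requires_firewall" class method to show how "ftp_firewall" and "local_netmask" drive the inside/outside decision, including the lookup-failure case. The proxy name, the second network and all host addresses are constructed sample values.

```perl
#!/usr/bin/perl
# Added example (not from the libnet distribution).
# All hostnames, networks and addresses below are constructed samples.
use strict;
use warnings;
use Net::Config qw(%NetConfig);

# Override the installed configuration for this process only.
$NetConfig{ftp_firewall}  = 'ftp-proxy.example.com:2121';   # hypothetical proxy
$NetConfig{local_netmask} = [ '134.99.4.0/24', '10.0.0.0/8' ];

# Meanings of the return codes as documented for requires_firewall.
my %meaning = (
    -1 => 'cannot look up hostname',
     0 => 'inside firewall (or no ftp_firewall entry)',
     1 => 'outside firewall',
);

# Classify one host and return the code together with its meaning.
# -1 is a true value in Perl, so compare against each code explicitly
# instead of using the result as a boolean "is outside" flag.
sub classify {
    my ($host) = @_;
    my $rc = Net::Config->requires_firewall($host);
    return ($rc, $meaning{$rc} // 'undocumented return value');
}

# Dotted-quad literals need no DNS; the .invalid name can never resolve.
for my $host ('134.99.4.17', '10.20.30.40', '198.51.100.7',
              'no-such-host.invalid') {
    my ($rc, $text) = classify($host);
    printf "%-22s %2d  %s\n", $host, $rc, $text;
}

# The man page documents 0 when there is no ftp_firewall entry, so a
# missing entry makes "inside" and "not configured" indistinguishable.
delete $NetConfig{ftp_firewall};
my ($rc, $text) = classify('198.51.100.7');
printf "%-22s %2d  %s [ftp_firewall removed]\n", '198.51.100.7', $rc, $text;
```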