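First, what is AIX? AIX (Advanced Interactive eXecutive) is a UNIX-like operating system that IBM developed on the basis of AT&T Unix System V. It runs on IBM minicomputer hardware built around the proprietary Power series of chips. It conforms to the Open Group's UNIX 98 industry standard (The Open Group UNIX 98 Base Brand) and, by fully integrating support for running 32-bit and 64-bit applications side by side, gives those applications comprehensive scalability. It runs on all IBM p-series and IBM RS/6000 workstations, servers, and large parallel supercomputers.
-- from Baidu
How do you use the firewall on AIX?
Quoted from a foreign article, here is how to try out the firewall that ships with AIX: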
Sample firewall in AIX
Building a firewall under AIX is simple, but as with any host-based firewall it should be done carefully.
1. Prerequisites
To start the firewall in AIX you need a few packages to be installed:
- bos.msg.en_US.net.ipsec
- bos.net.ipsec.keymgt
- bos.net.ipsec.rte
- clic.rte.kernext
- clic.rte.lib
2. Start/Stop
To start the firewall, execute the following commands as root:
/usr/sbin/mkdev -c ipsec -t 4
/usr/sbin/mkfilt -v 4 -u -z P
To stop it, execute this command:
/usr/sbin/rmdev -l ipsec_v4
The above commands are for IPv4. For IPv6, read the manual pages from IBM.
3. Write first rule
Let's permit ssh access to this machine from everywhere and log all of the activity:
genfilt -v 4 -a P -s 0.0.0.0 -m 0.0.0.0 -d my_local_IP -M 255.255.255.255 -g Y -c tcp -o any -p 0 -O eq -P 22 -r B -w I -l Y -f Y -i all
But we want to stop all other communication:
genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d my_local_IP -M 255.255.255.255 -g Y -c all -o any -p 0 -O any -P 0 -r B -w I -l N -f Y -i all
and activate the rules:
mkfilt -v 4 -u
4. Check the activated rules
lsfilt -v 4 -O
1 permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 no udp eq 4001 eq 4001 both both no all packets 0 all
2 *** Dynamic filter placement rule for IKE tunnels *** no
3 permit 0.0.0.0 0.0.0.0 my_local_IP 255.255.255.255 yes tcp any 0 eq 22 both both yes all packets 0 all
4 deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 any 0 both both no all packets 0 all
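The listing above can be checked mechanically before the rule set is trusted. The script below is an added example, not part of the original article; it assumes the space-separated column layout shown in this listing (adjust the field numbers if your lsfilt output is delimited differently) and uses the constructed address 192.0.2.10 in place of my_local_IP.

```shell
#!/bin/sh
# Added example: audit a filter listing in the column layout shown in step 4.
# Field positions are taken from that sample output (an assumption):
#   $1 rule  $2 action  $4 source mask  $6 destination mask
#   $8 protocol  $11/$12 destination port operator/value  $15 logging

audit_filters() {
    awk '
    # Skip anything that is not a real rule, e.g. the dynamic IKE placeholder line
    $2 != "permit" && $2 != "deny" { next }
    {
        last_rule = $1; last_action = $2
        # A rule matches all traffic when both masks are 0.0.0.0 and protocol is "all"
        catch_all = ($4 == "0.0.0.0" && $6 == "0.0.0.0" && $8 == "all")
    }
    # Permit rules with a 0.0.0.0 source mask accept traffic from any address
    $2 == "permit" && $4 == "0.0.0.0" {
        printf "WARN rule %s: permit %s dport %s %s from any source (log=%s)\n", $1, $8, $11, $12, $15
    }
    END {
        if (last_action == "deny" && catch_all)
            printf "OK rule %s: catch-all deny is last\n", last_rule
        else
            print "FAIL: no catch-all deny as the last rule"
    }'
}

# Constructed sample: the listing from step 4 with 192.0.2.10 standing in for my_local_IP
sample_listing() {
cat <<'EOF'
1 permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 no udp eq 4001 eq 4001 both both no all packets 0 all
2 *** Dynamic filter placement rule for IKE tunnels *** no
3 permit 0.0.0.0 0.0.0.0 192.0.2.10 255.255.255.255 yes tcp any 0 eq 22 both both yes all packets 0 all
4 deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 any 0 both both no all packets 0 all
EOF
}

sample_listing | audit_filters
```

On a live system the same function can read the real listing: lsfilt -v 4 -O | audit_filters.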
5. Final conclusion
This article is just a simple example of how to build the firewall. For more detailed information, please consult the AIX documentation.