AIX

  • 1.  How to disable specific port in AIX

    Posted Mon April 13, 2009 10:04 AM

    Originally posted by: SystemAdmin


    I need to block a specific port used by an application on AIX; the port is not listed in /etc/services.
    How should I block the port?
    #AIX-Forum


  • 2.  Re: How to disable specific port in AIX

    Posted Tue April 14, 2009 12:06 AM

    Originally posted by: cd3lgado


    Hi

    /etc/services is an index file used to identify and give a name to TCP/IP port applications, so no matter whether there's an entry in this file, an application can open a given port.

    The easiest way to block a given TCP port is by not starting the application. Let's say you don't want your SSH port (22) to listen for connections; then do not start SSH. Let's say you want to block some IP address: you can create some IPSec rules in order to control who can open connections to that given port.
    http://www.blacksheepnetworks.com/security/resources/aix-ipsec-filtering.html

    Hope this helps
    #AIX-Forum


  • 3.  Re: How to disable specific port in AIX

    Posted Tue April 14, 2009 04:34 AM

    Originally posted by: CRM


    If you are on AIX 5.3 ML5 and above (I think this is where it appeared) or AIX 6.1, then you can use TCP filters; this appeared with little fanfare.

    See the AIX 5.3 differences guide addendum on www.redbooks.ibm.com :

    6.7 IPFilters open source ported (5300-05)
    IPFilter is a software package that can be used to provide network address
    translation (NAT) or firewall services. IPFilter Version 4.1.13 open source
    software has been ported to AIX 5L, consistent with the licensing presented on
    the IP Filter Web site, whose URL is:
    http://coombs.anu.edu.au/~avalon/

    You can generate a rule using genfilt; I dumped the smitty output:

    /usr/sbin/genfilt -v 4 -a 'D' -s 'all' -m 'all' -g 'y' -c 'tcp' -o 'eq' -p '1234' -O 'any' -P '0' -r 'B' -w 'O' -l 'N' -t '0'

    Once you have your filters defined you then need to start the tcp filters up, use

    smitty ips4_start_stop

    That is all I can remember off the top of my head, check out the manuals in the infocenter for more.

    cheers

    Chris
    #AIX-Forum
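The procedure in post 3 (define a filter rule with genfilt, then activate the rule set) and the IPSec filtering idea from post 2, as an added shell example that is not code from the thread or from IBM. It wraps the two steps in functions, falls back to a dry run on hosts without the AIX IPSec tools, and adds the check a practitioner wants afterwards: parsing netstat -an output to confirm that no sessions are established to the blocked port. The genfilt flag meanings (-w I inbound, -r L local, -l Y log, -s/-m 0.0.0.0 for any source) are my reading of the AIX man pages and are assumptions, as is the netstat sample, which is constructed in AIX's "addr.port" style rather than captured from a real system.

```sh
#!/bin/sh
# Added example (not from the thread, not IBM's code): wraps the genfilt/mkfilt
# steps in functions, dry-runs when the AIX tools are absent, and parses
# netstat-style output to confirm nothing is established to the blocked port.
# genfilt/mkfilt/lsfilt flag meanings are as I recall the AIX man pages (assumption).

PORT="${1:-1234}"   # port from the thread's example; override with the first argument

# Build the rule: deny (-a D) IPv4 (-v 4) TCP (-c tcp) from any source
# (-s/-m 0.0.0.0) to destination port == PORT (-O eq -P), inbound only (-w I),
# locally delivered traffic (-r L), and log matches (-l Y) so blocked attempts
# are visible in syslog for detection.
deny_inbound_tcp_rule() {
    printf '%s' "/usr/sbin/genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -c tcp -o any -p 0 -O eq -P $1 -w I -r L -l Y"
}

# Count ESTABLISHED TCP sessions whose local endpoint is port $1, reading
# netstat -an style lines from stdin (AIX prints "addr.port" with a dot separator).
count_established_to_port() {
    awk -v port="$1" '$1 ~ /^tcp/ && $4 ~ ("[.]" port "$") && $6 == "ESTABLISHED" { n++ } END { print n+0 }'
}

# Constructed sample of netstat -an output (not a real capture) for offline use.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  10.1.2.3.1234          10.9.8.7.51000         ESTABLISHED
tcp4       0      0  10.1.2.3.1234          10.9.8.8.51001         ESTABLISHED
tcp4       0      0  10.1.2.3.22            10.9.8.7.51002         ESTABLISHED
tcp4       0      0  *.1234                 *.*                    LISTEN'

# Define the rule and activate the IPv4 filter set; on a non-AIX host just show
# what would run and exercise the check against the constructed sample.
apply_rule() {
    if command -v /usr/sbin/genfilt >/dev/null 2>&1; then
        eval "$(deny_inbound_tcp_rule "$PORT")" && /usr/sbin/mkfilt -v 4 -u   # activate rules
        /usr/sbin/lsfilt -v 4 -a                                              # show the active rule set
        echo "established sessions to port $PORT:"
        netstat -an | count_established_to_port "$PORT"
    else
        echo "dry run (no genfilt on this host); would execute:"
        deny_inbound_tcp_rule "$PORT"; echo
        echo "/usr/sbin/mkfilt -v 4 -u"
        echo "established sessions to port $PORT in the sample:"
        printf '%s\n' "$SAMPLE_NETSTAT" | count_established_to_port "$PORT"
    fi
}

apply_rule
```

The filter does not stop the application from listening, so the LISTEN line will still appear after activation; what changes is that new inbound connections are dropped (and logged, with -l Y), so the ESTABLISHED count for that port should fall to zero once existing sessions end. Remove the rule with rmfilt, then re-run mkfilt -v 4 -u, when the block is no longer needed.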