COMMAND

    IBM AIX Packet Filter module (genfilt)

SYSTEMS AFFECTED

    AIX 4.3.2 (other?)

PROBLEM

    Brumbles found the following.  The Packet Filtering Module, in
    particular the command genfilt, does not allow the addition of
    filters with port numbers greater than 32767.

        genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d 0.0.0.0 -M 0.0.0.0 -c udp -o any -O eq  -P 123 -l n -w I -i all

    Works fine... but...

        genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d 0.0.0.0 -M 0.0.0.0 -c udp -o any -O eq  -P 32768 -l n -w I -i all

    Fails with:

        Bad destination port/ICMP type "32768".

    All is well if you use port 32767.  Simply put, the -P (port)
    parameter will not accept an argument greater than 32767.
    Obviously there are a lot of things above 32768 that you might
    want to filter, e.g. rstatd and other RPC programs, and if you
    wanted to ensure that your users aren't opening up any services
    that sit on high ports, note that they can circumvent any
    protection you layer on top by starting their service above 32767!

SOLUTION

    IBM opened defect 289790 to address this.  It appears to be caused
    by using a "short" instead of an "unsigned short" for the port
    number.
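
    The following is an added example, not IBM's code or part of the
    advisory: an assumed C reconstruction of how a signed "short" port
    variable produces the rejection shown above, beside a corrected
    parser that validates the full range before narrowing to an
    unsigned 16-bit value.  The function names, the exact range check
    and the two's-complement wrap-around are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed buggy version: the port is stored in a signed 16-bit "short".
 * On two's-complement compilers (gcc, clang) converting 32768 wraps to
 * -32768, so the sign check rejects every port above 32767.  Any upper
 * bound test on a short would be dead code.  1 = accepted, 0 = rejected. */
int port_ok_short(const char *arg)
{
    short port = (short)atoi(arg);   /* value truncated to 16 signed bits */
    if (port < 0)                    /* -> "Bad destination port/ICMP type" */
        return 0;
    return 1;                        /* note: "65536" wraps to 0 and passes */
}

/* Corrected version: parse into a wide type, check the full 1..65535
 * range, and only then narrow to an unsigned 16-bit port.  Returns 1 and
 * stores the port on success, 0 on any malformed or out-of-range input. */
int parse_port(const char *arg, uint16_t *out)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0')   /* not a clean integer */
        return 0;
    if (v < 1 || v > 65535)                          /* outside TCP/UDP range */
        return 0;
    *out = (uint16_t)v;
    return 1;
}

int main(void)
{
    /* constructed sample arguments, including the two from the advisory */
    const char *samples[] = { "123", "32767", "32768", "65535", "65536", "12x" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof *samples; i++) {
        uint16_t p = 0;
        printf("%-6s short-based: %s  fixed: %s\n", samples[i],
               port_ok_short(samples[i]) ? "accept" : "reject",
               parse_port(samples[i], &p) ? "accept" : "reject");
    }
    return 0;
}
```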