lsfilt Command
Purpose
Lists filter rules from either the filter table or the IP Security subsystem.
Syntax
lsfilt -v 4|6 [-n fid_list] [-a] [-d]
Description
Use the lsfilt command to list filter rules and their status.
Note: Filter description
fields are not listed in the kernel. No filter description text will
be displayed when active or dynamic filter rules are listed.
Flags
| Item | Description |
|---|---|
| -a | List only the active filter rules. The active filter rules are the rules being used by the filter kernel currently. If omitted, all the filter rules in the filter rule table will be listed. |
| -d | Lists the dynamic filter rules used for Internet Key Exchange (IKE) tunnels. This table is built dynamically as IKE negotiations start creating IP Security tunnels and their corresponding filter rules are added to the dynamic IKE filter table. |
| -n | Specifies the ID(s) of filter rule(s) that are displayed. The fid_list is a list of filter IDs separated by a space or "," or "-". The -n is not for active filter rules. This flag cannot be used with the -a flag. |
| -v | IP version of the filter rule you want to list. Valid values for this flag are 4 and 6. If this flag is not used, both IP version 4 and IP version 6 are listed. |
Security
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged
operations. For more information about authorizations and privileges, see Privileged Command
Database in Security. For a list of privileges and the
authorizations associated with this command, see the lssecattr command or the
getcmdattr subcommand.