IP filters for AIX

Edit online

IPFilter is a software package that can be used to provide network address translation (NAT) or firewall services.

IPFilter version 4.1.13 was ported to AIX® from the IPFilter website (http://coombs.anu.edu.au/~Avalon/). The IPFilter website no longer exists. The IPFilter software is shipped with the AIX expansion pack. The ipfl installp package, includes the man page and license for the IPFilter software.

On the AIX operating system, the IPFilter product loads as a kernel extension, /usr/lib/drivers/ipf. The ipf, ipfs, ipfstat, ipmon, and ipnat binaries are also shipped with this package.

After installing the package, run the following command to load the kernel extension:
/usr/lib/methods/cfg_ipf -l
Run the following command to unload the kernel extension:
/usr/lib/methods/cfg_ipf -u

Remember to enable ipforwarding (network option) if packet forwarding is needed.

Note: You must not run the ipfilter command and the ipsec command simultaneously. While an ipfilter command operation is in progress, you might face issues when you start and configure the ipsec_v4 devices.