Migrating filters

Perform the following steps to migrate filters.


  1. Export the filter rules files to the /tmp directory using SMIT by completing the following steps:
    1. Run the smitty ipsec4 command.
    2. Select Advanced IP Security Configuration—>Configure IP Security Filter Rules—>Export IP Security filter rules.
    3. Enter /tmp for the directory name.
    4. Under the Filter Rules option press F4 and select all from the list.
    5. Press Enter to save the filter rules in the /tmp/ipsec_fltr_rule.exp file on the external media.

    Complete this process for all of the systems you are migrating from prior versions of the AIX operating system.

  2. Copy the six tunnel files created by the script, the /tmp/lpplevel file, and the /tmp/ipsec_fltr_rule.exp file to the /tmp directory on the migrated system.
  3. Run the bos.net.ipsec.keymgt.post_i.sh script to repopulate the tunnel configurations into the database.

  4. Run the ikedb -g command to verify that the tunnels are in the database.
    Note: If you do not see the tunnel information in the database, rename all the *.loaded files in the /tmp directory to their original names, and then run the script again.

On a system that has been migrated, the filter database is corrupted after migration. If you run the lsfilt command on the migrated system, you will get the following error:

    Cannot get ipv4 default filter rule

To update the filter database, complete the following steps:

  1. Replace the ipsec_filter file and the ipsec_filter.vc file in the /etc/security directory with the uncorrupted files from a newly migrated system. If you do not have these files, you can request them from IBM® Service.
  2. Import the filter rules files from the /tmp directory using SMIT by completing the following steps:
    1. Run the smitty ipsec4 command.
    2. Select Advanced IP Security Configuration—>Configure IP Security Filter Rules—>Import IP Security filter rules.
    3. Enter /tmp for the directory name.
    4. Under the Filter Rules option press F4 and select all from the list.
    5. Press Enter to recreate the filter rules. You can list the filter rules through SMIT or with the lsfilt command.
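
The checks in this procedure can be scripted. The following is an added example, not part of the original documentation or of AIX: the function names are hypothetical, and it assumes that the post-install script marks a file it has processed by appending .loaded to its name.

```shell
#!/bin/sh
# Added example: helpers for the verification points in the filter migration steps.
# Assumption: a processed file "name" is left behind as "name.loaded".

# Error text quoted on the page for a corrupted filter database.
LSFILT_ERR='Cannot get ipv4 default filter rule'

# check_staged DIR: succeed only if the files the page says to copy
# (lpplevel and ipsec_fltr_rule.exp) exist in DIR and are not empty.
check_staged() {
    dir=$1; rc=0
    for f in lpplevel ipsec_fltr_rule.exp; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f" >&2
            rc=1
        fi
    done
    return $rc
}

# restore_loaded DIR: rename every *.loaded file back to its original name so
# the post-install script can be run again. Never overwrites an existing file.
# Prints the number of files renamed.
restore_loaded() {
    dir=$1; n=0
    for f in "$dir"/*.loaded; do
        [ -e "$f" ] || continue            # glob matched nothing
        orig=${f%.loaded}
        if [ -e "$orig" ]; then
            echo "skip $f: $orig already exists" >&2
            continue
        fi
        mv "$f" "$orig" && n=$((n + 1))
    done
    echo "$n"
}

# filter_db_corrupt: reads lsfilt output (stdout and stderr) on stdin and
# returns 0 when it contains the corrupted-database error.
# Usage on the migrated system:  lsfilt 2>&1 | filter_db_corrupt
filter_db_corrupt() {
    grep -F -q "$LSFILT_ERR"
}
```

Run check_staged /tmp before the post-install script, and use filter_db_corrupt to decide whether the ipsec_filter and ipsec_filter.vc files need to be replaced before the import.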