Accessing filter rules from SMIT

You can configure rules from SMIT.

To configure filter rules from SMIT, complete the following steps.

  1. From a command line, enter the following command: smitty ipsec4
  2. Select Advanced IP Security Configuration.
  3. Select Configure IP Security Filter Rules.
  4. Select Add an IP Security Filter Rule.

                         Add an IP Security Filter Rule

Type or select values in entry fields.
Press Enter AFTER making all desired changes.
  
[TOP]                                                   [Entry Fields]
* Rule Action                                        [permit]                +
* IP Source Address                                  []
* IP Source Mask                                     []
  IP Destination Address                             []
  IP Destination Mask                                []
* Apply to Source Routing? (PERMIT/inbound only)     [yes]                   + 
* Protocol                                           [all]                   + 
* Source Port / ICMP Type Operation                  [any]                   + 
* Source Port Number / ICMP Type                     [0]                      #
* Destination Port / ICMP Code Operation             [any]                   + 
* Destination Port Number / ICMP Type                [0]                      #
* Routing                                            [both]                  + 
* Direction                                          [both]                  + 
* Log Control                                        [no]                    + 
* Fragmentation Control                              [0]                     + 
* Interface                                          []                      + 
  Expiration Time (sec)                              []                       #
  Pattern Type                                       [none]                  + 
  Pattern / Pattern File                             []
  Description                                        []


The "Pattern Type" field can be one of the following:
  none
  pattern
  file
  Anti-Virus patterns

The choices for the action field are: permit, deny, shun_host, shun_port, if, else, endif.

If a pattern file is specified, then it must be readable when the filter rules are activated with the mkfilt -a command. The filter rules are stored in the /etc/security/ipsec_filter database.