Accessing filter rules from SMIT
You can configure rules from SMIT.
To configure filter rules from SMIT, complete the following steps.
- From a command line, enter the following command:
  smitty ipsec4
- Select Advanced IP Security Configuration.
- Select Configure IP Security Filter Rules.
- Select Add an IP Security Filter Rule.
    Add an IP Security Filter Rule

    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.

    [TOP]                                               [Entry Fields]
    * Rule Action                                       [permit]  +
    * IP Source Address                                 []
    * IP Source Mask                                    []
      IP Destination Address                            []
      IP Destination Mask                               []
    * Apply to Source Routing? (PERMIT/inbound only)    [yes]     +
    * Protocol                                          [all]     +
    * Source Port / ICMP Type Operation                 [any]     +
    * Source Port Number / ICMP Type                    [0]       #
    * Destination Port / ICMP Code Operation            [any]     +
    * Destination Port Number / ICMP Type               [0]       #
    * Routing                                           [both]    +
    * Direction                                         [both]    +
    * Log Control                                       [no]      +
    * Fragmentation Control                             [0]       +
    * Interface                                         []        +
      Expiration Time (sec)                             []        #
      Pattern Type                                      [none]    +
      Pattern / Pattern File                            []
      Description                                       []
Where "Pattern Type" may be one of the following:
- none
- pattern
- file
- Anti-Virus patterns
The choices for the action field are: permit, deny, shun_host, shun_port, if, else, endif.
If a pattern file is specified, then it must be readable when the filter rules are activated with the mkfilt -a command. The filter rules are stored in the /etc/security/ipsec_filter database.
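The readability requirement above can be checked before activation. The following script is an added example, not part of the original documentation or any IBM tooling. It assumes the operator passes the pattern file paths as arguments (it does not parse the rule database), and its world-writable check is an extra hardening assumption beyond what the page requires.

```shell
#!/bin/sh
# Added example: pre-activation check for pattern files named in filter rules.
# Assumption: pattern file paths are supplied as arguments by the operator.

# check_pattern_files PATH...
# Returns 0 only if every path is an existing, readable regular file that is
# not world-writable. Problems are reported on stderr, one line per file.
check_pattern_files() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING: $f" >&2
            rc=1
        elif [ ! -f "$f" ]; then
            echo "NOT A REGULAR FILE: $f" >&2
            rc=1
        elif [ ! -r "$f" ]; then
            # The page's requirement: the file must be readable at activation.
            echo "UNREADABLE: $f" >&2
            rc=1
        elif [ -n "$(find "$f" -prune -perm -0002 2>/dev/null)" ]; then
            # Added hardening check (assumption): a world-writable pattern
            # file lets any local user change what the rule matches.
            echo "WORLD-WRITABLE: $f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# activate_filters PATH...
# Runs the activation command named on this page only when all checks pass.
activate_filters() {
    if ! check_pattern_files "$@"; then
        echo "Pattern file check failed; filter rules not activated." >&2
        return 1
    fi
    if command -v mkfilt >/dev/null 2>&1; then
        mkfilt -a
    else
        echo "mkfilt not found on this host; checks passed, nothing run." >&2
    fi
}
```

Call `activate_filters` with the same paths entered in the Pattern / Pattern File field.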