Accessing filter rules from SMIT
You can configure rules from SMIT.
To configure filter rules from SMIT, complete the following steps.
- From a command line, enter the following command:
- Select Advanced IP Security Configuration.
- Select Configure IP Security Filter Rules.
- Select Add an IP Security Filter Rule.
    Add an IP Security Filter Rule

    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.

    [TOP]                                               [Entry Fields]
    * Rule Action                                       [permit]  +
    * IP Source Address
    * IP Source Mask
      IP Destination Address
      IP Destination Mask
    * Apply to Source Routing? (PERMIT/inbound only)    [yes]     +
    * Protocol                                          [all]     +
    * Source Port / ICMP Type Operation                 [any]     +
    * Source Port Number / ICMP Type                              #
    * Destination Port / ICMP Code Operation            [any]     +
    * Destination Port Number / ICMP Type                         #
    * Routing                                           [both]    +
    * Direction                                         [both]    +
    * Log Control                                       [no]      +
    * Fragmentation Control                                       +
    * Interface                                                   +
      Expiration Time (sec)                                       #
      Pattern Type                                      [none]    +
      Pattern / Pattern File
      Description

Where "Pattern Type" may be one of the following:
- none
- pattern
- file
- Anti-Virus patterns
The choices for the action field are:
deny, shun_host, shun_port, if, else, endif.
If a pattern file is specified, then it must be readable when the filter rules are activated with the mkfilt -a command. The filter rules are stored in the /etc/security/ipsec_filter database.
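Because a pattern file must be readable at activation time, it helps to check the files before running mkfilt -a. The following is an added example, not part of the original documentation: the function name and the paths in the usage comment are hypothetical, the operator supplies the list of pattern files, and the empty-file check is an extra sanity check the page does not require.

```shell
#!/bin/sh
# Added example: pre-activation check for pattern files named in filter rules.
# The caller supplies the paths; nothing here parses /etc/security/ipsec_filter.

# check_pattern_files PATH...
# Writes one line per problem to stderr and returns the number of bad
# paths (capped at 255). A return of 0 means every path is a readable,
# non-empty regular file for the user running the check.
check_pattern_files() {
    bad=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "pattern file missing: $f" >&2
        elif [ ! -f "$f" ]; then
            echo "pattern file is not a regular file: $f" >&2
        elif [ ! -r "$f" ]; then
            echo "pattern file not readable by $(id -un): $f" >&2
        elif [ ! -s "$f" ]; then
            # Assumption: an empty pattern file is treated as a mistake.
            echo "pattern file is empty: $f" >&2
        else
            continue
        fi
        bad=$((bad + 1))
    done
    if [ "$bad" -gt 255 ]; then
        bad=255
    fi
    return "$bad"
}

# Usage (hypothetical path), run as the user that activates the rules:
#   check_pattern_files /etc/security/patterns/web.pat && mkfilt -a
```

Run the check as the same user that activates the rules, since readability depends on that user's permissions.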