ipsec -f display

The ipsec -f display command displays information about the current set of filter rules in use by a stack. The current set of filter rules will include any installed defensive filters.

You can use the options listed in Table 1 to define the display.
Table 1. ipsec -f display command options

Option        Use
-p            Directs the command to a stack other than the local default stack.
-z            Directs the command to an NSS IPSec client.
-c profile    Displays information about the set of filter rules defined on the IPSEC statement in the TCP/IP profile.
-c policy     Displays information about the set of filter rules defined in the Policy Agent IPSec Configuration file.

Filter rules that are disallowed due to time conditions do not appear in the output of the ipsec -f display command. You must use the pasearch command to obtain information about such filter rules. When working with an NSS client, the pasearch command must be issued on the system where the client is executing. Use the ipsec -x command to determine where the NSS IPSec client is executing.

Several different types of filter rules exist. By default, the ipsec -f display output includes information about generic, defensive, dynamic anchor, dynamic, NATT anchor, and NATT dynamic filter rules. You can use the -h option to display information about filter rules of type NRF. NAT resolution filter (NRF) rules are present when the remote security endpoint is behind a NAT. See z/OS Communications Server: IP Configuration Guide for an explanation of filter types.