mkfilt Command

Purpose

Activates or deactivates the filter rules.

Syntax

mkfilt -v 4 | 6 [ -d ] [ -u ] [ -z P | D ] [ -g start | stop] [ -i ]

Description

Use the mkfilt command to activate or deactivate the filter rules. This command can also be used to control the filter logging function. IPsec filter rules for this command can be configured using the genfilt command or IPsec smit (IP version 4 or IP version 6).

Flags

Item Description
-v IP version of the rules you want to activate. The value of 4 specifies IP version 4 and the value of 6 specifies IP version 6. The default (when this flag is not used) is to activate both IP version 4 and IP version 6. All the filter rules defined in the filter rule table for the IP version(s) will be activated or deactivated.
-d Deactivates the active filter rules. This flag cannot be used with the -u flag.
-u Activates the filter rules in the filter rule table. This flag cannot be used with the -d flag.
-z Sets the action of the default filter rule to Permit (P) or Deny (D). The default filter rule is the last rule in the filter rule table that will apply to traffic that does not apply to any other filter rules in the table. Setting the action of this rule to Permit will allow all traffic that does not apply to any other filter rules. Setting this action to Deny will not allow traffic that does not apply to any other filter rules.
-g This flag is used to either start (start) or stop (stop) the log functionality of the filter rule module.
-i Initialization flag. This flag only applies when the -u flag is also used. If the -i flag is used, all the filter rules with an "active" status will be activated. If not used, all the filter rules in the filter rule table will be activated.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.