exptun Command
Purpose
Exports a tunnel definition and, optionally, all the user defined filter rules associated with the tunnel. Creates a tunnel export file and an optional filter rule export file that can be used for the tunnel partner.
Syntax
Description
Use the exptun command to create a tunnel context export file and, optionally, a filter rule appendage file for a tunnel partner to import. This command does not activate a tunnel, it simply creates the required files for the tunnel partner.
Note: Generated export files contain keys used by the
tunnel. Protect these files with the operating system file system
protection features.
Flags
Item | Description |
---|---|
-f | Defines the directory where the export files are to be written. The directory will be created if it does not exist. The export files may then be sent to the tunnel partner to be imported. It is recommended that export files for each tunnel partner have a different directory specification. |
-l | The type of the tunnel(s) you want to export. If manual is specified, only manual ibm tunnel(s)are exported. |
-r | Exports all the user defined filter rules associated with the tunnel(s). If this flag is not used, only the tunnel definitions will be exported. |
-t | Specifies the list of tunnel IDs to be used for the export files. The list may be specified as a sequence of tunnel IDs separated by a "," or "-" (1, 3, 10, 50-55). If this flag is not used, all tunnel definitions from the tunnel database will be exported. |
-v | The IP version of the tunnels being exported. Value 4 specifies IP version 4 tunnels. Value 6 specifies IP version 6 tunnels. If this flag is not used, both IP version 4 and IP version 6 tunnel definitions will be exported. |
Security
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged
operations. For more information about authorizations and privileges, see Privileged Command
Database in Security. For a list of privileges and the
authorizations that are associated with this command, see the lssecattr command
or the getcmdattr subcommand.