exptun Command

Purpose

Exports a tunnel definition and, optionally, all the user defined filter rules associated with the tunnel. Creates a tunnel export file and an optional filter rule export file that can be used for the tunnel partner.

Syntax

exptun [-v 4|6] -f directory [-t tid_list] [-r] [-l manual]

Description

Use the exptun command to create a tunnel context export file and, optionally, a filter rule appendage file for a tunnel partner to import. This command does not activate a tunnel, it simply creates the required files for the tunnel partner.

Note: Generated export files contain keys used by the tunnel. Protect these files with the operating system file system protection features.

Flags

Item Description
-f Defines the directory where the export files are to be written. The directory will be created if it does not exist. The export files may then be sent to the tunnel partner to be imported. It is recommended that export files for each tunnel partner have a different directory specification.
-l The type of the tunnel(s) you want to export. If manual is specified, only manual ibm tunnel(s)are exported.
-r Exports all the user defined filter rules associated with the tunnel(s). If this flag is not used, only the tunnel definitions will be exported.
-t Specifies the list of tunnel IDs to be used for the export files. The list may be specified as a sequence of tunnel IDs separated by a "," or "-" (1, 3, 10, 50-55). If this flag is not used, all tunnel definitions from the tunnel database will be exported.
-v The IP version of the tunnels being exported. Value 4 specifies IP version 4 tunnels. Value 6 specifies IP version 6 tunnels. If this flag is not used, both IP version 4 and IP version 6 tunnel definitions will be exported.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations that are associated with this command, see the lssecattr command or the getcmdattr subcommand.