expfilt Command

Purpose

Exports filter rules to an export file.

Syntax

expfilt [ -p ] [ -q ] [ -r ] [ -v 4 | 6 ] -f directory [ -l filt_id_list ]

Description

Use the expfilt command to export filter rules into export text files, which can be used by the impfilt command. This is useful if you want to define similar rules on multiple machines.

Note: The filter description on one machine might be meaningless or misleading on another machine. This field is not exported.

IPsec filter rules for this command can be configured using the genfilt command, IPsec smit (IP version 4 or IP version 6), or Web-based System Manager in the Virtual Private Network submenu.

Flags

Item Description
-f directory Specifies the directory in which to create the exported text files. The directory will be created if it does not exist.
-l filt_id_list Lists the IDs of the filter rules you want to export. The filter rule IDs can be separated by "," or "-". If this flag is not used, all the filter rules defined in the filter rule table for the applicable IP versions will be exported.
-p Allows predefined rules.
-q Specifies quiet mode. Suppresses output to stdout.
-r Specifies raw mode. Exports filter rules as is and does not reverse direction on rules. Use this flag when filter rules are exported and imported as is; for example, to save a configuration or replicate a configuration to another machine.

With the -r flag, the direction of the traffic will be preserved. For instance, if there is a rule on host 10.0.0.1 to permit inbound traffic from 10.0.0.2, expfilt with the -r flag will write the same filter rule.

Omitting the -r flag will cause the direction to be switched from inbound to outbound in the export file.

-v Specifies the IP version of the filter rules you want to export. The value of 4 specifies IP version 4 and the value of 6 specifies IP version 6. When this flag is not used, both IP version 4 and IP version 6 rules are exported.
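
Example (added here, not part of the original reference page or IBM code): a shell wrapper that assembles an expfilt command line from the flags above, adding -r for a save or replicate export and omitting it when the direction should be switched. The function names, the mode keywords, the directory checks and the umask are assumptions of this example.

```sh
#!/bin/sh
# Added example, not IBM code. Function names, the directory checks and the
# umask are assumptions of this example; the flags are the ones listed above.

# expfilt_args MODE IPVER DIR [ID_LIST] -> prints the expfilt argument string
#   MODE    replicate: add -r (rules exported as is, direction preserved)
#           peer:      omit -r (direction switched in the export file)
#   IPVER   4 or 6; "both" omits -v so IPv4 and IPv6 rules are exported
#   ID_LIST filter rule IDs separated by "," or "-"; empty exports all rules
expfilt_args() {
    mode=$1; ipver=$2; dir=$3; ids=${4:-}
    args="-q"                                # quiet: nothing on stdout
    case $mode in
        replicate) args="$args -r" ;;
        peer) ;;
        *) echo "mode must be replicate or peer" >&2; return 2 ;;
    esac
    case $ipver in
        4|6) args="$args -v $ipver" ;;
        both) ;;
        *) echo "IP version must be 4, 6 or both" >&2; return 2 ;;
    esac
    # Accept only an absolute path made of plain characters, so the string
    # can be word-split safely when it is passed to expfilt below.
    case $dir in
        /*) ;;
        *) echo "directory must be an absolute path" >&2; return 2 ;;
    esac
    case $dir in
        *[!A-Za-z0-9/._-]*) echo "unsupported character in directory" >&2; return 2 ;;
    esac
    args="$args -f $dir"
    if [ -n "$ids" ]; then
        printf '%s\n' "$ids" | grep -Eq '^[0-9]+([,-][0-9]+)*$' || {
            echo "bad filter ID list: $ids" >&2; return 2; }
        args="$args -l $ids"
    fi
    printf '%s\n' "$args"
}

# export_filters: same arguments; runs expfilt (AIX only, privileged user).
export_filters() {
    args=$(expfilt_args "$@") || return
    # Subshell keeps the restrictive umask local; the export directory and
    # files describe firewall policy, so create them owner-only.
    ( umask 077; expfilt $args )
}
```
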

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in AIX® Version 7.1 Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.