lsfilt Command

Purpose

Lists filter rules from either the filter table or the IP Security subsystem.

Syntax

lsfilt -v 4|6 [-n fid_list] [-a] [-d]

Description

Use the lsfilt command to list filter rules and their status.

Note: Filter description fields are not listed in the kernel. No filter description text will be displayed when active or dynamic filter rules are listed.

Flags

Item Description
-a List only the active filter rules. The active filter rules are the rules being used by the filter kernel currently. If omitted, all the filter rules in the filter rule table will be listed.
-d Lists the dynamic filter rules used for Internet Key Exchange (IKE) tunnels. This table is built dynamically as IKE negotiations start creating IP Security tunnels and their corresponding filter rules are added to the dynamic IKE filter table.
-n Specifies the ID(s) of filter rule(s) that are displayed. The fid_list is a list of filter IDs separated by a space or "," or "-". The -n is not for active filter rules. This flag cannot be used with the -a flag.
-v IP version of the filter rule you want to list. Valid values for this flag are 4 and 6. If this flag is not used, both IP version 4 and IP version 6 are listed.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in AIX® Version 7.1 Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.