Exports filter rules to an export file.
Use the expfilt command to export filter rules into export text files, which can be used by the impfilt command. This is useful if you want to define similar rules on multiple machines.
IPsec filter rules for this command can be configured using the genfilt command, IPsec smit (IP version 4 or IP version 6), or Web-based System Manager in the Virtual Private Network submenu.
Item | Description |
---|---|
-f directory | Specifies the directory to create the exported text files. The directory will be created if it does not exist. |
-l filt_id_list | Lists the IDs of the filter rules you want to export. The filter rule IDs can be separated by "," or "-". If this flag is not used, all the filter rules defined in the filter rule table for the applicable IP versions will be exported. |
-p | Allows predefined rules. |
-q | Specifies quiet mode. Suppresses output to stdout. |
-r | Specifies raw mode. Exports filter rules as is and does not
reverse direction on rules. Use this flag when filter rules are exported
and imported as is; for example, to save a configuration or replicate
a configuration to another machine. With the -r flag, the direction of the traffic will be preserved. For instance if there is a rule on host 10.0.0.1 to permit inbound traffic from 10.0.0.2, expfilt with the -r flag will write the same filter rule. Omitting the -r flag will cause the direction to be switched from inbound to outbound in the export file. |
-v | IP version of the filter rules you want to export. The value of 4 specifies IP version 4 and the value of 6 specifies IP version 6. When this flag is not used, both IP version 4 and IP version 6 rules are exported. |