Lists filter rules from either the filter table or the IP Security subsystem.
lsfilt -v 4|6 [-n fid_list] [-a] [-d]
Use the lsfilt command to list filter rules and their status.
Item | Description |
---|---|
-a | List only the active filter rules. The active filter rules are the rules being used by the filter kernel currently. If omitted, all the filter rules in the filter rule table will be listed. |
-d | Lists the dynamic filter rules used for Internet Key Exchange (IKE) tunnels. This table is built dynamically as IKE negotiations start creating IP Security tunnels and their corresponding filter rules are added to the dynamic IKE filter table. |
-n | Specifies the ID(s) of filter rule(s) that are displayed. The fid_list is a list of filter IDs separated by a space or "," or "-". The -n is not for active filter rules. This flag cannot be used with the -a flag. |
-v | IP version of the filter rule you want to list. Valid values for this flag are 4 and 6. If this flag is not used, both IP version 4 and IP version 6 are listed. |