Activates or deactivates the filter rules.
Use the mkfilt command to activate or deactivate the filter rules. This command can also be used to control the filter logging function. IPsec filter rules for this command can be configured using the genfilt command, IPsec smit (IP version 4 or IP version 6), or Web-based System Manager in the Virtual Private Network submenu.
Item | Description |
---|---|
-v | IP version of the rules you want to activate. The value of 4 specifies IP version 4 and the value of 6 specifies IP version 6. The default (when this flag is not used) is to activate both IP version 4 and IP version 6. All the filter rules defined in the filter rule table for the IP version(s) will be activated or deactivated. |
-d | Deactivates the active filter rules. This flag cannot be used with the -u flag. |
-u | Activates the filter rules in the filter rule table. This flag cannot be used with the -d flag. |
-z | Sets the action of the default filter rule to Permit (P) or Deny (D). The default filter rule is the last rule in the filter rule table that will apply to traffic that does not apply to any other filter rules in the table. Setting the action of this rule to Permit will allow all traffic that does not apply to any other filter rules. Setting this action to Deny will not allow traffic that does not apply to any other filter rules. |
-g | This flag is used to either start (start) or stop (stop) the log functionality of the filter rule module. |
-i | Initialization flag. This flag only applies when the -u flag is also used. If the -i flag is used, all the filter rules with an "active" status will be activated. If not used, all the filter rules in the filter rule table will be activated. |