Use this command to display or refresh TCP/IP packet filtering rules that
are defined for your TPF system.
Requirements and Restrictions
- You can enter this command only in 1052 state or higher.
- You can enter this command only from the basic subsystem (BSS).
Format
- DISplay
  displays the packet filtering rules and the number of packets to which
  each rule has been applied.
- REFresh
  refreshes the core copy of the packet filtering rules from the current
  copy of the /etc/iprules.txt file.
Notes:
- Changes to the packet filtering rules take effect immediately after you
enter ZFILT REFRESH.
- If you specify the REFRESH parameter and the same rule exists in both the
previous and updated versions of the /etc/iprules.txt file,
the number of packets to which that rule applied is not reset to 0 across the
refresh operation; therefore, you will not lose any previous data related
to that rule. For example, assume a rule existed in the previous
version of the file and there were 500 packets to which this rule
applied. If the same rule exists in the updated file after you enter
ZFILT REFRESH, the number of packets to which the rule applied will still be
500.
Additional Information
Online help information is available for this command. To display
the help information, enter one of the following:
ZFILT HELP
ZFILT ?
Examples
In the following example, the current packet filtering rules are displayed,
where:
- RULE
  is the rule number. The last rule, DEF, is the default action.
- ACTION
  is the action that will be taken if the rule is applied to an input
  packet.
- REMOTE NETWORK
  is the IP network that sent the packet to the TPF system.
- PORT
  is the port number of the TPF application.
- PROTO
  is the protocol.
- ICMPTYPE
  is the type of Internet Control Message Protocol (ICMP) message.
- PACKETS
  is the number of packets for which this rule has been applied.

Note: For TCP packets, the rules are examined only for connection requests.
+--------------------------------------------------------------------------------+
|User: ZFILT DISPLAY |
| |
|System: FILT0001I 17.20.24 DISPLAY PACKET FILTERING RULES |
| |
| RULE ACTION REMOTE NETWORK PORT PROTO ICMPTYPE PACKETS |
| ---- ------ ------------------ ----- ----- -------- ---------- |
| 1 ALLOW 9.117.121.0/24 5001 TCP 671 |
| 2 REJECT 5001 TCP 23 |
| 3 ALLOW 1.123.0.0/16 25 TCP 2134 |
| 4 ALLOW 1.123.0.0/16 6666 UDP 430 |
| 5 DENY 1.56.0.0/16 22 |
| 6 DENY 1.56.0.0/16 ICMP 8 323 |
| 7 ALLOW 9.117.121.35/32 5002 TCP 442 |
| 8 REJECT 5002 TCP 1230 |
| DEF ALLOW 333523 |
| |
| END OF DISPLAY+ |
+--------------------------------------------------------------------------------+
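The following is an added example, not part of the TPF documentation: a Python sketch that parses the rule rows of a captured ZFILT DISPLAY response and computes what fraction of the counted packets fell through to the DEF rule. It assumes that the last column of every rule row is PACKETS and that a number following ICMP is the ICMP type; the function names are illustrative.

```python
import re

# Constructed sample: the rule rows from the ZFILT DISPLAY example above,
# with column spacing collapsed as it appears on this page.
SAMPLE = """\
1 ALLOW 9.117.121.0/24 5001 TCP 671
2 REJECT 5001 TCP 23
3 ALLOW 1.123.0.0/16 25 TCP 2134
4 ALLOW 1.123.0.0/16 6666 UDP 430
5 DENY 1.56.0.0/16 22
6 DENY 1.56.0.0/16 ICMP 8 323
7 ALLOW 9.117.121.35/32 5002 TCP 442
8 REJECT 5002 TCP 1230
DEF ALLOW 333523
"""

CIDR = re.compile(r"^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$")
ACTIONS = {"ALLOW", "DENY", "REJECT"}
PROTOS = {"TCP", "UDP", "ICMP"}

def parse_rules(text):
    """Parse rule rows into dicts; blank columns become None."""
    rules = []
    for line in text.splitlines():
        tok = line.strip().strip("|").split()
        if len(tok) < 3 or tok[1] not in ACTIONS or not tok[-1].isdigit():
            continue  # header, separator, or message line
        rule = {"rule": tok[0], "action": tok[1], "network": None,
                "port": None, "proto": None, "icmptype": None,
                "packets": int(tok[-1])}  # assumption: last column is PACKETS
        for t in tok[2:-1]:
            if CIDR.match(t):
                rule["network"] = t
            elif t in PROTOS:
                rule["proto"] = t
            elif t.isdigit():
                # a number after ICMP is the ICMP type, otherwise the port
                rule["icmptype" if rule["proto"] == "ICMP" else "port"] = int(t)
        rules.append(rule)
    return rules

def default_share(rules):
    """Fraction of counted packets that matched no explicit rule (DEF)."""
    total = sum(r["packets"] for r in rules)
    default = sum(r["packets"] for r in rules if r["rule"] == "DEF")
    return default / total if total else 0.0

if __name__ == "__main__":
    print(f"{default_share(parse_rules(SAMPLE)):.1%} of counted packets hit DEF")
```

A high DEF share combined with a default action of ALLOW means that most counted traffic is passing without matching any explicit rule, which is worth reviewing.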
Related Information
See the TPF Transmission Control Protocol/Internet
Protocol for more information about TCP/IP packet filtering firewall
support.