===== IPSec Firewall AIX =====

Check if it is installed:

<code>
lslpp -l | grep ipsec
</code>

Start:

<code>
smit ipsec4
  -> Start/Stop IP Security
     -> Start IP Security
        -> Start IP Security [Now and After Reboot]
</code>

==== Filter only one IP and one port ====

Specific network interface (inbound, matching the source port):

<code>
genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.0 -d 10.149.128.123 -M 255.255.255.0 -g N -c tcp -o eq -p 80 -r L -w I -l N -f Y -i en0
</code>

All interfaces:

<code>
genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.0 -d 10.149.128.123 -M 255.255.255.0 -g N -c tcp -o eq -p 80 -r L -w I -l N -f Y -i all
</code>

The same but locally (outbound, matching the destination port):

<code>
genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.0 -d 10.149.128.123 -M 255.255.255.0 -g N -c tcp -O eq -P 80 -r L -w O -l N -f Y -i en0
</code>

The same but locally, with all interfaces:

<code>
genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.0 -d 10.149.128.123 -M 255.255.255.0 -g N -c tcp -O eq -P 80 -r L -w O -l N -f Y -i all
</code>

What do the options above mean?

  * -v4: use IPv4 rules
  * -a D: action Deny
  * -s 10.149.128.122: source address
  * -m 255.255.255.0: source subnet mask
  * -d 10.149.128.123: destination address
  * -M 255.255.255.0: destination subnet mask
  * -g N: source routing No
  * -c tcp: apply to the tcp protocol
  * -o eq: source port condition (lt, le, gt, ge, eq, neq, and any)
  * -p 80: source port
  * -O eq: destination port condition (lt, le, gt, ge, eq, neq, and any)
  * -P 80: destination port
  * -r L: apply the rule to packets destined for or originating from the local host
  * -w I: apply the rule to inbound packets
  * -w O: apply the rule to outbound packets
  * -l N: no log
  * -f Y: apply to all packets, fragmented or not
  * -i all: all interfaces

Apply changes (activate the rule set):

<code>
mkfilt -g start
mkfilt -u
</code>

List rules:

<code>
lsfilt -a -v4
</code>

Restart IPSec:

<code>
smit ipsec4
</code>

=== Remove rules ===

Remove all rules:

<code>
rmfilt -v4 -n all
mkfilt -g start
mkfilt -u
</code>

==== References ====

  * https://www.ibm.com/support/knowledgecenter/en/ssw_aix_71/com.ibm.aix.cmds2/genfilt.htm
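The four genfilt commands above differ only in direction (-w I/-w O, with the matching -o/-p or -O/-P port flags) and interface. The following POSIX sh wrapper is an added example, not part of the original wiki page or of AIX: it validates the addresses, masks, port operator and port before assembling the argument list (with no eval, so the values never get re-parsed by the shell), and runs genfilt followed by mkfilt -u unless DRY_RUN=1, in which case it only prints the command so the rule can be reviewed first. The function name deny_rule and the DRY_RUN variable are this example's own; the addresses in the usage line are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original wiki page): wrapper around the
# genfilt deny rule shown above. Fixed flags (-a D, -g N, -r L, -l N, -f Y)
# keep the values used on this page.

# Port operators accepted by genfilt -o/-O, as listed on this page.
valid_port_op() {
    case "$1" in lt|le|gt|ge|eq|neq|any) return 0 ;; *) return 1 ;; esac
}

# Dotted-quad check: exactly four numeric octets, each 0-255.
valid_ipv4() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# deny_rule SRC SMASK DST DMASK PROTO DIR OP PORT IFACE
#   DIR=I  inbound rule, matches the source port       (-w I, -o/-p)
#   DIR=O  outbound rule, matches the destination port (-w O, -O/-P)
# DRY_RUN=1 prints the genfilt command instead of running it.
deny_rule() {
    src=$1 smask=$2 dst=$3 dmask=$4 proto=$5 dir=$6 op=$7 port=$8 iface=$9
    for a in "$src" "$smask" "$dst" "$dmask"; do
        valid_ipv4 "$a" || { echo "bad address/mask: $a" >&2; return 1; }
    done
    valid_port_op "$op" || { echo "bad port operator: $op" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    case "$dir" in
        I) set -- -o "$op" -p "$port" ;;
        O) set -- -O "$op" -P "$port" ;;
        *) echo "direction must be I or O: $dir" >&2; return 1 ;;
    esac
    # Full argument list; "$@" here is the port flag pair chosen above.
    set -- -v4 -a D -s "$src" -m "$smask" -d "$dst" -M "$dmask" -g N \
           -c "$proto" "$@" -r L -w "$dir" -l N -f Y -i "$iface"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "genfilt $*"
    else
        # Activate the rule set after adding the rule, as on this page.
        genfilt "$@" && mkfilt -u
    fi
}

# Usage (dry run, constructed sample addresses):
#   DRY_RUN=1 deny_rule 10.149.128.122 255.255.255.0 10.149.128.123 255.255.255.0 tcp I eq 80 en0
```

Run it once with DRY_RUN=1 and compare the printed line against the rule you intend before applying it, then list the result with lsfilt -a -v4.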