IPSec Firewall AIX

Check if it's installed:

lslpp -l | grep ipsec

Start:

smit ipsec4
Start/Stop IP Security
Start IP Security
Start IP Security                                  [Now and After Reboot]

Filter only one IP and one port

Specific network interface:

genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.255 -d 10.149.128.123 -M 255.255.255.255 -g N -c tcp -o eq -p 80 -r L -w I -l N -f Y -i en0

All interfaces:

genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.255 -d 10.149.128.123 -M 255.255.255.255 -g N -c tcp -o eq -p 80 -r L -w I -l N -f Y -i all

The same but locally:

genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.255 -d 10.149.128.123 -M 255.255.255.255 -g N -c tcp -O eq -P 80 -r L -w O -l N -f Y -i en0

The same but locally with all interfaces:

genfilt -v4 -a D -s 10.149.128.122 -m 255.255.255.255 -d 10.149.128.123 -M 255.255.255.255 -g N -c tcp -O eq -P 80 -r L -w O -l N -f Y -i all

What does the above mean?
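
The -s/-m and -d/-M options each pair an address with a mask. The script below is an added example, not part of the original page: it assumes the usual comparison, (packet address AND mask) = (rule address AND mask), and shows which source addresses a rule for 10.149.128.122 covers with a 255.255.255.255 host mask versus a 255.255.255.0 subnet mask. The function names are hypothetical helpers.

```sh
#!/bin/sh
# Added example (not from the original page): which addresses an
# address/mask pair in a filter rule covers.
# Assumption: a packet matches when (packet AND mask) == (rule AND mask).

# ip_to_int A.B.C.D: print the address as a 32-bit integer; fail if malformed.
ip_to_int() (
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$octet" -le 255 ] || return 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# rule_matches RULE_ADDR MASK PACKET_ADDR: status 0 on match, 1 on no match, 2 on bad input.
rule_matches() (
    rule=$(ip_to_int "$1") && mask=$(ip_to_int "$2") && pkt=$(ip_to_int "$3") || return 2
    [ $(( rule & mask )) -eq $(( pkt & mask )) ]
)

# addresses_matched MASK: print how many addresses the mask covers;
# status 3 for a mask whose one-bits are not contiguous.
addresses_matched() (
    mask=$(ip_to_int "$1") || return 2
    inv=$(( ~mask & 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 3
    echo "$(( inv + 1 ))"
)

# Constructed sample: the source address from the rules, under two masks.
for mask in 255.255.255.0 255.255.255.255; do
    printf '%s mask %s covers %s address(es)\n' 10.149.128.122 "$mask" \
        "$(addresses_matched "$mask")"
    for pkt in 10.149.128.122 10.149.128.50; do
        if rule_matches 10.149.128.122 "$mask" "$pkt"; then
            echo "  packet from $pkt: matches"
        else
            echo "  packet from $pkt: does not match"
        fi
    done
done
```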

Apply changes:

mkfilt -g start
mkfilt -u

List rules:

lsfilt -a -v4

Restart IPSec:

smit ipsec4

Remove rules

Remove all rules:

rmfilt -v4 -n all
mkfilt -g start
mkfilt -u
