How to Remove an Inactive Packet Filtering Rule Set
From the Kernel
-
Assume a role that includes the IP Filter Management rights profile, or become superuser.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
-
Specify the inactive rule set in the “flush all” command.
# ipf -I -Fa
This command flushes the inactive rule set from the kernel.
Note –If you subsequently run ipf -s, the empty inactive rule set will become the active rule set. An empty active rule set means that no filtering will be done.
Example 26–10 Removing an Inactive Packet Filtering Rule Set From the Kernel
The following example shows how to flush the inactive packet filtering rule set so that all rules have been removed.
# ipfstat -I -io empty list for inactive ipfilter(out) block in log quick from 10.0.0.0/8 to any block in on dmfe1 proto tcp from 10.1.1.1/32 to any # ipf -I -Fa # ipfstat -I -io empty list for inactive ipfilter(out) empty list for inactive ipfilter(in) |
- © 2010, Oracle Corporation and/or its affiliates