How to View the Active Packet Filtering Rule Set

1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

   You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. View the active packet filtering rule set that is loaded in the kernel.

   # ipfstat -io

Example 26–2 Viewing the Active Packet Filtering Rule Set

The following example shows output from the active packet filtering rule set that is loaded in the kernel.

# ipfstat -io
empty list for ipfilter(out)
pass in quick on dmfe1 from 192.168.1.0/24 to any
pass in all
block in on dmfe1 from 192.168.1.10/32 to any