cfgfilt

Typing cfgfilt, without any parameters, runs the Packet Filter Rules Dump Facility.

This provides a summary of the firewall's current configuration.

To see an example of what should appear on your screen, go here

After basic configuration, any secure interfaces should now be listed and the status of the filter support code should be 'active'.

Rule 1 is the firewall's default rule (it is always present as the last rule in the list). It blocks all traffic through the firewall. Having this as default (and setting individual 'permit' rules to allow specific services) is the safest possible configuration.

The following table summarises the possible parameters for cfgfilt:

-u	update filter rules
-i	initialise filter device (must use with -u)
-f (file)	check a set of rules (default is \MPTN\ETC\SECURITY\FWFILTRS.CNF)
-c	deactivate filters and use default rules
-d (start\|stop)	start \| stop packet logging

There are other parameters, but they are used by IPSec in its tunnelling capacity, and are not relevant here.
Back