HP-UX IPFilter Version 16 Administrator's Guide
-s
Switches the active ruleset with the inactive ruleset. IPFilter maintains
an active ruleset and an inactive ruleset. The active ruleset is the
ruleset used for IPFilter operations, and the inactive ruleset is a
supplementary, reserve ruleset.
If you specify this option with the -6 option, this option affects the
IPv6 rulesets; if you specify it without the -6 option, this option
affects the IPv4 rulesets.
-Fa
Flushes all rules in the specified ruleset. If you specify this option
with the -6 option, this option affects the IPv6 rulesets; if you specify
it without the -6 option, this option affects the IPv4 rulesets.
-Fi
Flushes only the IN rules in the ruleset. If you specify this option
with the -6 option, this option affects the IPv6 rulesets; if you specify
it without the -6 option, this option affects the IPv4 rulesets.
-Fo
Flushes only the OUT rules in the ruleset. If you specify this option
with the -6 option, this option affects the IPv6 rulesets; if you specify
it without the -6 option, this option affects the IPv4 rulesets.
-I
Specifies that the action applies to the inactive ruleset. If you specify
this option with the -6 option, this option affects the IPv6 ruleset; if
you specify it without the -6 option, this option affects the IPv4
ruleset.
-Z Zeroes out the TCP Connections counters displayed in the
ipfstat output.
-m d|e|q|t
Disables or enables DCA mode, queries the DCA mode, or toggles
DCA between being enabled or disabled by using the following
options:
• d
Disables DCA.
• e
Enables DCA.
• q
Queries whether DCA is disabled or enabled.
• t
Toggles DCA between disabled or enabled.
There is a single DCA mode for both IPv4 and IPv6 DCA processing.
Specifying the -6 option with the -m option has no effect. See
“Enabling and Disabling DCA” (page 52) for more information about
how to disable, enable, query, or toggle DCA.
TIP: If you have no DCA rules (no keep limit rules), HP
recommends that you disable DCA.
-E interface_name
Enables IPFilter processing for traffic on a given interface. If you
specify this option with the -6 option, it enables IPv6 IPFilter
processing; if you specify this option without the -6 option, it enables
IPv4 IPFilter processing.
-D interface_name
Disables IPFilter processing for traffic on a given interface. If you
specify this option with the -6 option, it disables IPv6 IPFilter
processing; if you specify this option without the -6 option, it disables
86 HP-UX IPFilter Utilities