The 'firewall' flag

The IP protocol layer contains a switchable parameter called 'firewall'. This parameter acts as a flag that lets you enable or disable the firewall while the system is running. You can view or toggle this parameter by using the INETCFG utility.

To check the current state of this parameter, use the syntax:

    inetcfg -get firewall

The output of this command should look like this:

    #Inetcfg:       CURRENT DEFAULT MINIMUM MAXIMUM
    firewall        1       0       0       1       FIREWALL ON/OFF

A value of 1 under the 'CURRENT' column indicates that the firewall is enabled. A value of 0 under this column indicates that the firewall is disabled.
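
For auditing, the check described above can be automated over captured command output. The following is an added example, not part of the original documentation; it assumes the output of 'inetcfg -get firewall' has been saved as text in the format shown above, and the function names and sample strings are constructed for illustration.

```python
from typing import Dict, Optional

# Constructed samples in the output format shown above.
SAMPLE_ON = (
    "#Inetcfg:       CURRENT DEFAULT MINIMUM MAXIMUM\n"
    "firewall        1       0       0       1       FIREWALL ON/OFF\n"
)
SAMPLE_OFF = (
    "#Inetcfg:       CURRENT DEFAULT MINIMUM MAXIMUM\n"
    "firewall        0       0       0       1       FIREWALL ON/OFF\n"
)


def parse_inetcfg(text: str, name: str = "firewall") -> Optional[Dict[str, int]]:
    """Return the numeric columns for one parameter, or None if not parseable."""
    columns = None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0].lower().startswith("#inetcfg"):
            columns = fields[1:]  # column names are taken from the header row
            continue
        if columns and fields[0].lower() == name:
            values = fields[1:1 + len(columns)]
            if len(values) < len(columns):
                return None  # truncated row: do not guess
            try:
                return dict(zip(columns, (int(v) for v in values)))
            except ValueError:
                return None  # non-numeric value where a number was expected
    return None


def firewall_state(text: str) -> str:
    """Classify the flag as 'enabled', 'disabled' or 'unknown'."""
    row = parse_inetcfg(text)
    if row is None or "CURRENT" not in row:
        return "unknown"
    return {1: "enabled", 0: "disabled"}.get(row["CURRENT"], "unknown")


if __name__ == "__main__":
    for label, sample in (("on", SAMPLE_ON), ("off", SAMPLE_OFF), ("empty", "")):
        print(label, "->", firewall_state(sample))
```

Treat an 'unknown' result as a failure in any monitoring job, since it means the state could not be confirmed.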

Disabling the firewall

If you want to disable the firewall, you can do so with the command:

    inetcfg -set firewall 0

If the firewall is disabled, all IP traffic will be allowed into, out of, or through the system. Consider the security ramifications of this before disabling it.

Enabling the firewall

If the firewall has been disabled in this way, you can re-enable it with the command:

    inetcfg -set firewall 1

Note that whenever you use the CFGFILT command to load a new set of filter rules (with the '-u' argument), the 'firewall' parameter will automatically be set to 1. It is therefore not necessary to set this flag explicitly when starting the firewall under normal circumstances.

