To list active IP filter rules

  /usr/sbin/lsfilt -v 4 -O

Example:
1 permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 no udp eq 4001 eq 4001 both both no all
 packets 0 all
2 *** Dynamic filter placement rule for IKE tunnels *** no
3 permit 172.16.22.0 255.255.255.0 0.0.0.0 0.0.0.0 yes all any 0 any 0 both both
 no all packets 0 all
4 permit 128.143.0.0 255.255.0.0 0.0.0.0 0.0.0.0 yes all any 0 any 0 both both n
o all packets 0 all
5 permit 0.0.0.0 0.0.0.0 128.143.0.0 255.255.0.0 yes tcp any 0 eq 80 both both n
o all packets 0 all
6 permit 0.0.0.0 0.0.0.0 128.143.0.0 255.255.0.0 yes all any 0 eq 443 both both
no all packets 0 all
7 permit 0.0.0.0 0.0.0.0 128.143.0.0 255.255.0.0 yes tcp any 0 eq 22 both both n
o all packets 0 all
0 deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 any 0 both both no all pack
ets 0 all

Interpretation:
1-2 are always there; this is the port used to establish IP SEC tunnels
3 = accept any packets originating from any 172.16.22.x address
4 = accept any packets originating from any 128.143.x.x address
5 = accept tcp packets for port 80 from any address
6 = accept tcp packets for port 443 from any address
7 = accept tcp packets for port 22 from any address
0 = deny any other packets