Defining IP-Groups for Socket Connections

IP-Groups refer to sets of IP addresses that are not continuous, indicating which are included or excluded.

To define IP-Groups, select 5. IP-Group Definitions from the Incoming/Outgoing Connection Rules menu (STRFW> 15) as shown in Setting Firewall Rules for Socket Connections. The Work with IP-Groups screen appears:

​                               ​ Work with IP-Groups​                                                                                                               ​ Type options, press Enter.​                                                       ​ 1=Select​ ​ 3=Copy​ ​ 4=Delete​                 ​ Subset .​ ​                          ​                                                                                 ​ Opt​ ​ IP-Group​                                                                   ​ ​  ​  ​ *NONE                   ​                                                    ​  ​  ​ ALEXANDRA               ​                                                    ​  ​  ​ ALEXPC                  ​                                                    ​  ​  ​ ALL WORLD               ​                                                    ​  ​  ​ EVGENY-PC               ​                                                    ​  ​  ​ LINUX                   ​                                                    ​  ​  ​ ONEANDONE               ​                                                    ​  ​  ​ RAZLEE3                 ​                                                    ​  ​  ​ RLDEMO                  ​                                                    ​  ​  ​ RLDEV                   ​                                                    ​  ​  ​ RLPRV                   ​                                                    ​  ​  ​ RL74A                   ​                                                    ​  ​  ​ TEST                    ​                                                    ​  ​  ​ TESTX                   ​                                                                                                                     ​      More...​  ​ F3=Exit​  ​ F6=Add new​                                                                                                                                             ​                                                                             ​  ​  ​

To see and edit the definition of an IP-Group, enter 1 in the Opt field for that group. The Modify IP Addresses screen appears:

​                             ​ Modify IP Addresses ​                                                                                                                ​ Type information, press Enter.​                                                   ​ IP-Group​ ​ ALEXANDRA               ​                                             ​ Type​                                             ​ Prfx​ ​ 1=Inc​                   ​ 4/6​                                               ​ Lng ​ 2=Exc   ​ Text​           ​ ​  ​ ​ *ALL                                          ​    ​ ​ 2​ ​                      ​ ​ 4​ ​ 2.3.3.3                                       ​   1​ ​ 1​ ​                      ​ ​ 6​ ​ 11::                                          ​   8​ ​ 1​ ​                      ​ ​ 6​ ​ 11::                                          ​  10​ ​ 1​ ​                      ​ ​ 6​ ​ 11::                                          ​  19​ ​ 1​ ​                      ​ ​ 6​ ​ 11::                                          ​  70​ ​ 1​ ​                      ​ ​ 6​ ​ 11::                                          ​ 128​ ​ 1​ ​                      ​ ​ 4​ ​ 1.1.1.1                                       ​  11​ ​ 1​ ​                      ​ ​ 4​ ​ 1.1.1.1                                       ​  12​ ​ 1​ ​                      ​ ​ 4​ ​ 1.1.1.1                                       ​  14​ ​ 1​ ​                      ​ ​ 4​ ​ 1.1.1.1                                       ​  32​ ​ 1​ ​                      ​ ​ 4​ ​ 1.3.3.3                                       ​  32​ ​ 1​ ​                      ​ ​ 4​ ​ 2.3.3.3                                       ​  10​ ​ 1​ ​                      ​ ​ 4​ ​ 2.3.3.3                                       ​  12​ ​ 1​ ​                      ​                                                                  ​      More...​  ​ F3=Exit​  ​ F4=Prompt​  ​ F12=Cancel ​                                               ​                                                                                                                                                                  ​

Each line on the body of the screen shows one range of IPv4 or IPv6 addresses and indicates whether the rule includes or excludes it. The lines are considered to be joined by logical ANDs. Firewall uses a Best Fit algorithm to determine the rules for a connection. The rules that fit the current connection most precisely take precedence over more general rules.

For each line, the screen shows these fields:

Type 4/6

If set to 4, the rule is for IPv4 addresses.

If set to 6, the rule is for IPv6 addresses.

IP Address (unlabeled)

The first address of the IP address range.

Prfx Lng

For IP address ranges, the number of bits in the address, beginning at the start, that must match the first address to be included.

For IPv4 addresses, the maximum number is 32, meaning that the addresses must match exactly.

For IPv6 addresses, the maximum is 128.

1=Inc 2=Exc

If set to 1, the IP address range is included and socket connections from it are permitted.

If set to 2, the IP address range is excluded and socket connections from it are forbidden.

Text

A free-form text description of the rule.