Setting Firewall Rules based on Incoming Activity by IP Address with the Rule Wizard
To set rules based on the incoming activity analyzed for the Rule Wizard, open the Plan Incoming IP Security screen, as shown in Analyzing Recent Data on Incoming Activity by IP Address with the Rule Wizard (STRAUD > 2 > 42).
| Plan Incoming IP Security Type choices, press Enter. Subset . . 1=Statistics 2=Set by use 3=Allow by use 4=Delete 5=DSPFWLOG 9=Add similar C>R=Current to Revised Y Allowed Y=Allow Specify revised authority in the R column. N Rejected N=Reject Press Enter to apply revised authority. Y Allowed (by generic* rule) FTP/ N Rejected (by generic* rule) RE- Tel DB TCP RMT DDM/ Fil Number of Logged Entries EXEC net Srv SGN Srv DRDA Srv FTP/REX Telnet ---DB--- File Opt IP-Address C>R C>R C>R C>R C>R C>R C>R TCPSGN -RMT-- DDM/DRDA Srv 1.1.1.137 N N Y N N N N 24 1.1.1.139 Y S S Y N Y Y 218 Bottom F3=Exit F6=Add New F8=Print F11=Alt.view F12=Cancel |
To set new rules corresponding to activity seen for the IP Address, enter 2 in the Opt field for that address.
The Update Incoming IP Firewall window appears:
| Plan Incoming IP Security Type choices, press Enter. Subset . . Update Incoming IP Firewall New information is about to OVERLAY existing one: R D FTP/ TEL D TCP M D FIL ) IP Subnet REXEC NET B SGN T M SRV New 1.1.1.139 255.255.255.255 N N Y N N N N O Existing 1.1.1.139 255.255.255.255 Y S S Y N Y Y Write this rule . . . . . . . Y Y=Yes, N=No Same answer to all . . . . . Y=Yes, N=No F12=Cancel Bottom F3=Exit F6=Add New F8=Print F11=Alt.view F12=Cancel |
In this case, the only activity from IP address 1.1.1.77 requested access to the file server. Therefore, the new rule would allow access to the file server and block access to all the others.
To set new rules corresponding to how activity differed from the existing rules, enter 3 in the Opt field for that address.
The Update Incoming IP Firewall window appears:
| Plan Incoming IP Security Type choices, press Enter. Subset . . Update Incoming IP Firewall New information is about to OVERLAY existing one: R D FTP/ TEL D TCP M D FIL ) IP Subnet REXEC NET B SGN T M SRV New 1.1.1.139 255.255.255.255 Y S Y Y N Y Y O Existing 1.1.1.139 255.255.255.255 Y S S Y N Y Y Write this rule . . . . . . . Y Y=Yes, N=No Same answer to all . . . . . Y=Yes, N=No F12=Cancel Bottom F3=Exit F6=Add New F8=Print F11=Alt.view F12=Cancel |
Since the only difference between the existing rules and the actual activity for IP address 1.1.1.77 was that access was requested for the file server, which would previously have been rejected, the setting for that server would be changed from N to Y.
To save changes and exit this window, press Enter. The Rules Wizard saves the rule being changed and removes the line for that IP Address from the screen. You can see the resulting rule on the Dynamic Filtering- Incoming IP Address Security screen, as shown in Setting Firewall Rules for Incoming Activity by IP Addresses (STRAUD>2 > 1).
To exit this window without saving changes, press the F12 key. The window closes. The changes that would have been made are marked in the columns for those servers in the lines for those IP addresses on the screen. You can then further work with the rules and save them manually, as shown in Analyzing Recent Data on Incoming Activity by IP Address with the Rule Wizard.