Adding Exceptions to Command Rules
To add exceptions to command rules, press the F6 key from the Work with Command Exceptions screen, as shown in Creating Exceptions to Command Filtering Rules (STRFW > 4 > 9).
The Add Command Exception screen appears:
| Add Command Exception Type information, press Enter. Command . . . Commands which are about to be rejected based on the Firewall rules are reviewed against this Command Exception to see if an exception that would allow them exists. Specify the command and its parameters up to the position you wish to check. The test will ignore quotes and double-quotes. Multiple blanks are treated as a single blank. Do not put Asterisks at the end. F3=Exit F12=Cancel |
Type the beginning of the command exception in the Command field, including the parameters that must begin the command for it to be excluded. For example, the entered command might be "CALL PARM1 PARM2".
For an entered command to match the exception, its initial characters, though the length of the string entered here, must match precisely, except that:
- Quotation marks (') and double quotes (") are ignored
- Multiple consecutive blanks are considered as a single blank
In entering the string,
- The command must not end with an asterisk ("*").
When you have the command, press Enter. More fields appear on the screen:
| Add Command Exception Command . . . CALL PARM1 PARM2 Define user authority, press Enter. Y=Yes User*, %Group Remote FTP / Group profile Cmd REXEC DDM *PUBLIC More... F3=Exit F4=Prompt F8=Print F12=Cancel |
The list that appears specifies users and the protocols that they might be using for which the exception is being made.
User*, %Group, Group profile
The name or generic name of a user or group for whom you are creating these settings. To see a list of possible users or groups, press the F4 key. The value %PUBLIC refers to all users for whom other exceptions have not been set for this command.
Remote Cmd
If set to Y, the user may run the command with these parameters via the Remote Command protocol.
FTP/REXEC
If set to Y, the user may run the command with these parameters via the FTP or REXEC protocols.
DDM
If set to Y, the user may run the command with these parameters via the DDM protocol.
Thus, for example, if
- the Command field is set to CALL THISPARM THATPARM
- The User*, %Group, Group profile is set to %PLONYGRP
- the DDM field is set to Y
members of the group %PLONYGRP may run commands beginning with CALL THISPARM THATPARM via the DDM protocol, even if the CALL command would normally be rejected.
To print the list of exceptions from this screen, press the F8 key.