Adding a Firewall Rule for Incoming Activity by IP Address

To add a rule for filtering activity by IP address, press the F6 key in the Dynamic Filtering - Incoming IP Address Security screen, shown in Setting Firewall Rules for Incoming Activity by IP Addresses (STRFW > 2 > 1).

The Dynamic Filtering - Add Incoming IP Address screen appears:

                   Dynamic Filtering- Add Incoming IP Address

 Type choices, press Enter.

 IP Address/*LCL.                                        IP, *ALL, *LCL-generic*
 Subnet mask  . .   255.255.255.255                      F4 for list
 Text . . . . . .

                    FTP/   Tel-  DB   TCP  Rmt       Fil
                    REXEC  net   Srv  SGN  Srv  DDM  Srv
 Secure value . .                                        Y=Yes, S=SSL only
                                                         A=Skip checks
                                                         B=SSL+Skip checks
                                                         L=Skip checks+Log
                                                         M=SSL+Skip checks+Log
 Equivalent IP range . .

 SQL statments are not parsed when checks are skipped or rejected.
 FTP includes: FTPLOG, REXLOG
 DDM includes: DDM, DRDA
 DB Server includes: SQLENT, SQL, NDB, OBJINF, DBOPEN

 F3=Exit   F4=Prompt   F10=Logon security   F12=Cancel

Enter or modify information in the following fields:

IP Address/*LCL

The IPv4 address for the address range. In addition to IP addresses, you can set this field to:

  • *ALL for rules applied to all IP address ranges that aren't otherwise specified
  • *LCL-generic* for local job or device names.

Subnet mask

The subnet mask for the address range. For a list of possible subnet masks, showing the number of addresses that the range would include, press the F4 key.

Text

A free-form text description of the IP address range.

Secure value

A letter or blank space showing how the rule handles incoming activity for that address range for the protocol indicated by the label above the column. The protocols include:

  • FTP including FTPLOG and REXLOG
  • Telnet
  • DB including SQLENT, SQL, NDB, OBJINF, and DBOPEN
  • TCPSGN, the TCP Sign-On Server
  • RMT, for Remote Program/Command Call
  • DDM including DRDA
  • Fil Srv, for File Server

The possible values are:

  • Blank or N: Reject all incoming activity
  • S: Allow activity, but do not log this
  • Y: Allow activity

In many situations, you can dramatically improve performance by using options B or L (shown in the screen legend as B=SSL+Skip checks and L=Skip checks+Log). For example, you might use them for an IP address that sends a high volume of requests, that you know to be well secured and to be using SSL, and whose SQL statements do not need to be checked.

The Equivalent IP range field shows a read-only value indicating the range of IP addresses included by the IP address and subnet mask.
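
The following added example (Python, not part of the product or its documentation) computes the equivalent IP range for an address and subnet mask and flags rules that apply a skip-checks value (A, B, L or M in the screen legend) to a wide range or to *ALL. The rule dictionaries, the function names and the 256-address threshold are assumptions made for illustration.

```python
import ipaddress

# Secure-value letters that skip checks according to the screen legend
# (SQL statements are not parsed when checks are skipped).
SKIP_CHECKS = {"A", "B", "L", "M"}

def equivalent_range(ip, mask):
    """Return (first, last, count) covered by an IPv4 address and subnet mask."""
    try:
        net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    except ValueError as exc:  # bad address, or a non-contiguous mask such as 255.0.255.0
        raise ValueError(f"invalid address or mask: {ip} {mask}") from exc
    return str(net[0]), str(net[-1]), net.num_addresses

def audit_rule(rule, max_skip_addresses=256):
    """Return findings for one rule (hypothetical dict: ip, mask, values per protocol)."""
    findings = []
    skipped = sorted(p for p, v in rule["values"].items() if v.upper() in SKIP_CHECKS)
    if rule["ip"].startswith("*"):  # *ALL or *LCL-generic*: no IP range to compute
        if rule["ip"] == "*ALL" and skipped:
            findings.append(f"*ALL skips checks for {', '.join(skipped)}")
        return findings
    first, last, count = equivalent_range(rule["ip"], rule["mask"])
    if count > 1 and rule["ip"] != first:
        # The typed address is only one member of the range the mask selects.
        findings.append(f"{rule['ip']} has host bits set; rule covers {first}-{last}")
    if skipped and count > max_skip_addresses:  # threshold is an assumed policy value
        findings.append(f"{count} addresses skip checks for {', '.join(skipped)}")
    return findings

RULES = [  # constructed sample rules, not taken from any real system
    {"ip": "10.20.30.40", "mask": "255.255.255.255", "values": {"DB Srv": "B"}},
    {"ip": "10.20.30.40", "mask": "255.255.0.0",
     "values": {"DB Srv": "L", "FTP/REXEC": "Y"}},
    {"ip": "*ALL", "mask": "", "values": {"Telnet": "A"}},
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule["ip"], rule["mask"], audit_rule(rule) or "ok")
```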