Adding Firewall Rules for IFS Files and Folders
To add rules for filtering IFS files and folders, press the F6 key on the Work with IFS Security screen, as shown in Setting Firewall Rules for IFS Files and Directories (STRFW > 5 > 1).
The Add IFS Security screen appears:
| Add IFS Security Type information, press Enter. File System/Root Dir Name, /, F4 for List Directory/File . . . Name, generic*, *ALL Possible File Systems: QDLS, NFS, QOpenSys, QOPT, QFileSvr.400, QNetWare, QNTC, QLANSrv, QSYS.LIB. Use QSYS.LIB for Native Objects with *FILE, *LIB, *DTAQ object types. '/' is required for all directories except the root. Examples for Directory/File: *ALL All files in all directories file* File or Generic* file folder/file* File or Generic* file in a directory folder/ The directory itself F3=Exit F4=Prompt F12=Cancel |
The screen contains the following fields:
File System/Root Dir
The file system or root directory containing the objects. To see a list of existing file systems, press the F4 key.
Directory/File
The path to the object, beneath the file system or root directory shown in the previous field. If it ends in an asterisk ("*"), it refers to all the files and folders within that directory. If it ends in a slash ("/"), it refers to the directory itself.
When you have entered these values, press Enter.
A second Add IFS Security screen appears:
| Add IFS Security File System/Root Dir . . . . . . . . . . . DIR1 Directory/File name . . . . . . . . . . . . TESTFILE If generic*, refer to directory subtree . Y Y=Yes, N=No The above is irrelevant as file is not generic* or per the global IFS setting. Define user authority, press Enter. Y=Yes D=Dir only (on Create) F=STMF only (on Create) User Group/ Create User* Read Write Y/D/F Rename Delete Move *PUBLIC More... F3=Exit F4=Prompt F12=Cancel |
The screen contains a field labeled If generic* - refer to directory structure.
- If the Directory/File name field ends in an asterisk ("*"):
- To refer to all matching objects in the current directory, as well as in directories below the specified one that match the name, type Y.
- To refer only to objects within the current directory and not those below it, type N.
- Otherwise (if the Directory/File name field does not end in an asterisk), this field is ignored.
Each line on the rest of the screen contains rules for specific users or groups of users requesting authority to act on the objects. The lines contain these fields:
User*, %Group, Group profile
The name or generic name of a user or group for whom you are creating these settings. To see a list of possible users or groups, press the F4 key. If it is *PUBLIC, the rule is for all users for whom further rules for accessing these objects have not been specified.
Read
If set to Y, the user or group may read this object.
Create/Write
If set to Y, the user or group may create or write to this object.
Rename
If set to Y, the user or group may rename this object.
Delete
If set to Y, the user or group may delete this object.
Move
If set to Y, the user or group may move this object.