Modifying Firewall Rules for IFS Files and Folders

To modify rules for filtering IFS files and folders, enter 1 in the Opt field for the rule on the Work with IFS Security screen, as shown in Setting Firewall Rules for IFS Files and Directories (STRFW  > 5 > 1).

The Modify IFS Security screen appears:

                             ​ Modify IFS Security​                               
                                                                                
 File System/Root Dir  . . . . . . . . . . .​  /                               ​  
 Directory/File name . . . . . . . . . . . .​  A                                 
                                                                                
                                                                                
                                                              ​                  
 If generic* or *ALL, refer to directory subtree​   ​ Y​     ​ Y=Yes, N=No​          
 The above is irrelevant as file is not generic* or per the global IFS setting.​ 
 Define user authority, press Enter.​                                            
 ​ Y=Yes  D=Dir only (on Create)  F=STMF only (on Create)  S=Skip (Allow, no log)
 User Group/​                    ​ Create​                                         
 User*     ​    ​ Read​   ​ Write​   ​ Y/D/F​   ​ Rename​  ​ Delete​   ​ Move​               
                ​         ​         ​         ​         ​         ​                   
                ​         ​         ​         ​         ​         ​                   
                ​         ​         ​         ​         ​         ​                   
                ​         ​         ​         ​         ​         ​                   
                ​         ​         ​         ​         ​         ​                   
                ​         ​         ​         ​         ​         ​                   
                ​         ​         ​         ​         ​         ​                   
                ​         ​         ​         ​         ​         ​                   
                                                                  ​      More...​ 
 F3=Exit​  ​ F4=Prompt​  ​ F8=Print​  ​ F9=Print File System​  ​ F12=Cancel​             
                                                                                

The read-only File System/Root Dir and Directory/File name fields show the path to the objects to which the rules refer.

The screen contains a field labeled If generic* - refer to directory structure.

  • If the Directory/File name field ends in an asterisk ("*"):
    • To refer to all matching objects in the current directory, as well as in directories below the specified one that match the name, type Y.
    • To refer only to objects within the current directory and not those below it, type N.
  • Otherwise (if the Directory/File name field does not end in an asterisk), this field is ignored.

Each line on the rest of the screen contains rules for specific users or groups of users requesting authority to act on the objects. The lines contain these fields:

User*, %Group, Group profile

The name or generic name of a user or group for whom you are creating these settings. To see a list of possible users or groups, press the F4 key. If it is *PUBLIC, the rule is for all users for whom further rules for accessing these objects have not been specified.

Read

If set to Y, the user or group may read this object.

Write

If set to Y, the user or group may write to this object.

Create

Whether the user can create the object. Possible values are:

  • Y: User may create directories and files
  • S: User may create directories and files, this is not logged
  • D: User may only create directories
  • F: User may only create files

Rename

If set to Y, the user or group may rename this object.

Delete

If set to Y, the user or group may delete this object.

Move

If set to Y, the user or group may move this object.