Modifying a Firewall Rule for Incoming Activity by IP Addresses

To modify an existing rule for filtering incoming activity by IP address, type 1 in the Opt field for that rule in the Dynamic Filtering - Incoming IP Address Security screen, shown in Setting Firewall Rules for Incoming Activity by IP Addresses (STRFW > 2 > 1), and press Enter.

The Dynamic Filtering - Modify Incoming IP Address screen appears:

                ​ Dynamic Filtering- Modify Outgoing IP Address​                  
                                                                                 
 Type choices, press Enter.                                                    ​ 
                                                                                
 IP Address  . . . . .​  ​ 80.179.26.75                    ​ Address, *ALL​         
 Subnet mask . . . . .​  ​ 255.255.255.224                 ​ F4 for list​           
 Text  . . . . . . . .​  ​ RLTOOLS                                                
                                                                                
 FTP . . . . . . . . .​  ​ Y                               ​ Y=Yes , S=SSL only,​   
                                                         ​ A=Skip checks      ​   
                                                         ​ B=SSL+Skip checks  ​   
                                                         ​ L=Skip checks+Log  ​   
                                                         ​ M=SSL+Skip checks+Log​ 
                                                                                
 Equivalent IP range .​  ​ 80.179.26.64-80.179.26.95      ​                        
                                                                                
                                                                                
 S=SSL requires that the connection is encrypted (Checked from V5R1)​            
                                                                                
                                                                                
                                                                                
 F3=Exit   F4=Select Subnet    F12=Cancel​                                       
                                                                                
                                                                                

Enter or modify information in the following fields:

IP Address/*LCL

The IPv4 address for the address range. In addition to IP addresses, you can set this field to:

  • *ALL for rules applied to all IP address ranges that aren't otherwise specified
  • *LCL-generic* for local job or device names.

Subnet mask

The subnet mask for the address range. For a list of possible subnet masks, showing the number of addresses that the range would include, press the F4 key.

Text

A free-form text description of the IP address range.

Secure value

A letter or blank space showing how the rule handles incoming activity for that address range for the protocol indicated by the label above the column. The protocols include:

  • FTP including FTPLOG and REXLOG
  • Telnet
  • DB including SQLENT, SQL, NDB, OBJINF, and DBOPEN
  • TCPSGN, the TCP Sign-On Server
  • RMT, for Remote Program/Command Call
  • DDM including DRDA
  • Fil Srv, for File Server

The possible values are:

  • Blank or N: Reject all incoming activity
  • S: Allow activity, but do not log this
  • Y: Allow activity
In many situations, you can dramatically improve performance by using options B or L. For example, you might use them when an IP address that you know to be well secured and is using SSL, and which doesn't require checking the SQL statements, sends a high volume of requests.

The Equivalent IP range field shows a read-only value indicating the range of IP addresses included by the IP address and subnet mask.