Setting Firewall Rules Manually based on Outgoing IP Address with the Rule Wizard
You can only set Firewall rules manually with the rule wizard if you have set the Wizard type to *STD when opening the wizard.
To set rules manually based on the outgoing IP address of the activity in the Rule Wizard, open the Plan Outcoming IP Security screen, as shown in Analyzing Recent Data on Outgoing Activity by IP Address with the Rule Wizard (STRFW > 2 > 52).
| Plan Outgoing IP Security Type choices, press Enter. Subset . . 1=Statistics 2=Set by use 3=Allow by use 4=Delete 5=DSPFWLOG 6=Create rule 9=Add similar C>R=Current to Revised Y Allowed Y=Allow Specify revised authority in the R column. N Rejected N=Reject Y Allowed (by generic* rule) FTP/ N Rejected (by generic* rule) RE- Number of Logged Entries EXEC FTP/REX Opt IP-Address C>R 1.1.1.105 Y 87 1.1.1.137 Y 2 1.1.1.212 Y 18237 127.0.0.1 N 1 185.113.4.132 Y 38 185.113.4.146 Y 6 185.113.4.148 Y 225 Bottom F3=Exit F6=Add New F8=Print F11=Alt.view F12=Cancel |
To change the setting for outgoing FTP/REXEC requests from one of the listed IP addresses, enter the letter for the new setting in the column for the relevant server and the row for that IP address. The possible letters are:
- Y: Accepted
- N: Rejected
- S: Only accepted over SSL connections
- A: Accepted, without checking whether SQL statements are valid
- B: Only accepted over SSL connections, without checking whether SQL statements are valid
- L: Accepted, without either checking whether SQL statements are valid or logging the activity
- M: Only accepted over SSL connections, without either checking whether SQL statements are valid or logging the activity.
When you have entered the change, type 6 in the Opt field for that IP address then press Enter. The Update Outgoing IP Firewall window appears:
| Plan Outgoing IP Security Type choices, press Enter. Subset . . ............................................................................ : Update Outgoing IP Firewall : : : : Existing generic* rule makes this entry redundant. : : R D : : FTP/ TEL D TCP M D FIL : ) : IP Subnet REXEC NET B SGN T M SRV : : New 80.179.26.75 255.255.255.255 Y : O : Existing 80.179.26.75 255.255.255.224 Y : : : : Write this rule . . . . . . . Y Y=Yes, N=No : : Same answer to all . . . . . Y=Yes, N=No : : : : : : F12=Cancel : : : :..........................................................................: Bottom F3=Exit F6=Add New F8=Print F11=Alt.view F12=Cancel |
In this case, it would create a specific rule for IP Address 1.1.1.105. Since, in this rule set, it is already included in an existing rule for the IP address range starting at 1.1.1.1 with a subnet mask of 255.255.0.0, Firewall notes that it would be redundant.