Setting Firewall Rules for Incoming Activity by IPv6 Addresses

You can filter incoming activity by IPv6 address from the Dynamic Filtering - Incoming IPv6 Address Security screen. To reach the screen, select 2. Incoming IPv6 Addresses from the Work with Dynamic Filtering screen(STRFW > 2 > 2).

The Dynamic Filtering - Incoming IPv6 Address Security screen appears.

              ​ Dynamic Filtering- Incoming IPv6 Address Security​                
                                                                                
 Type options, press Enter.​                          ​   T   T    ​ F​             
  ​ 1=Select  4=Delete  ​                              ​   E   C    ​ I​             
                                                     ​   L   P    ​ L​             
                                                     ​ F N   S R D​ S​             
                                                ​ Prfx​ T E D G M D​ R​            ​ 
Opt​ IPv6 Address​                                ​ Lngh​ P T B N T M​ V​ Text​        
   *ALL                                          ​    ​  ​  ​  ​  ​  ​  ​  ​ *ALL        
   2001:CF8:2:5D11:3440:B5FF:FE8D:1              ​ 128​ Y​ Y​  ​ Y​ Y​ Y​ Y​             
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                                
                                                                  ​       Bottom​ 
  ​ FTP includes: FTPLOG, REXLOG                ​                                 
  ​ DDM includes: DDM, DRDA                     ​                                 
  ​ DB Server includes: SQLENT, SQL, NDB, OBJINF, DBOPEN​                         
 F3=Exit​   ​ F6=Add new​   ​ F8=Print​                         ​ F12=Cancel​          
                                                                                

The screen shows existing rules for filtering activity coming in via various protocols from specific IPv6 addresses. The entry for *ALL shows general rules for incoming activity coming from IPv6 addresses that are not listed.

Each of the other lines shows rules for ranges of IP addresses, shown by a specific IPv6 address and address prefix length. The following columns show the rules for specific protocols, as shown by the vertical text at the top of each column:

  • FTP including FTPLOG and REXLOG
  • Telnet
  • DB including SQLENT, SQL, NDB, OBJINF, and DBOPEN
  • TCPSGN, the TCP Sign-On Server
  • RMT, for Remote Program/Command Call
  • DDM including DRDA
  • Fil Srv, for File Server

For each protocol, the letter in that column shows how the rule handles incoming activity for that protocol from that IP address range:

  • Blank or N: Reject all incoming activity
  • S: Allow activity, but do not log this
  • Y: Allow activity

The final Text column shows a freeform text description of the rule.

To modify an existing rule, enter 1 in the Opt column for that rule. The Dynamic Filtering- Modify Incoming IPv6 Address screen appears, as shown in Modifying a Firewall Rule for Incoming Activity by IPv6 Addresses

To add a new rule, press the F6 key. The Dynamic Filtering- Add Incoming IP Address screen appears, as shown in Adding a Firewall Rule for Incoming Activity by IP Address.