Setting Firewall Rules for Servers
To set Firewall rules for individual servers, select 1. Work with Servers from the Activation and Server Settings screen (STRFW > 1) as shown in Setting Firewall Rules by Server.
The Work with Server Security screen appears.
Global *FYI* Mode Active
Work with Server Security
Type options, press Enter.                    Subset . . . . .
1=Select 5=About Server 6=Display FW Log
User IP Log FYI Exit
Opt Secure Level Free Act Server Pgm
No Database Server - SQL access & Showcase SQL
No Open Database DBOPEN
No Database Server - data base access NDB
No Database Server - object information OBJINF
No Remote Command/Program Call RMTSRV
No File Server (*) FILSRV
No Telnet Device Initialization TELNET
No Telnet Device Termination TELOFF
Yes Allow Y Y N Y Sign-On Completed (*) SIGNON
No Original Data Queue Server ORDTAQ
More...
(*) Changing the "Secure" parameter requires restarting Host Server or IPL
Modify data, or press Enter to confirm.
F3=Exit F8=Print F9=Object security F10=Logon security F11=User security F12=Cancel
F22=Global setting F23=FYI F24=Emergency
After the Opt column, it shows these fields for each server on the system:
Secure
- Yes: the server is secured by Firewall.
- No: the server is not secured by Firewall. All other fields except Server are shown as empty.
NOTE: If the field shows the value Other, an external program, other than Firewall, is registered on its exit point.
Level
The level of security for the server. Possible values are:
- Allow: All activity is allowed
- Full: Activity is checked based on both the user and the object being accessed. For Logon-related exit points, logon limitation rules (as shown in Setting Additional Firewall Controls for Specific Servers) are active. Otherwise, user limitation rules are active.
- Usr>Srv: Activity is checked based on the user
- Reject: All activity is rejected
IP
Whether outgoing IP addresses are checked.
- Y: Yes
- [blank]: No
Free
Whether to check for relevant Free-Style Rules (as shown in Setting Free-Style Firewall Rules for Servers).
- Y: Yes
- [blank]: No
Log
Whether activity is logged.
- Y: Yes
- N: No
- R: Rejected activity only
Act
Whether iSecurity Action reacts to activity.
- Y: Yes
- N: No
- R: Rejected activity only
FYI
Whether the server is running in FYI mode (as shown in Running Firewall in FYI Simulation mode).
- Y: Enable FYI mode for this server, regardless of whether FYI mode is enabled for Firewall in general.
- [blank]: Follow the general setting for Firewall.
Server
A long, free-form text name followed by the server's brief system-defined name.
If the long name ends in "(*)", changing the value of the Secure field requires restarting the server itself or a complete IPL.
User Exit Pgm
Whether activity triggers a server-specific user exit program.
- Y: Yes
- N: No
- [blank]: default
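The field values above can be reviewed systematically once they are written down. The following is an added example, not part of the product or its documentation: it assumes the rows have been transcribed by hand from the Work with Server Security screen into the hypothetical ServerRow records below, and it flags settings that leave a server unprotected, unlogged or in simulation. All sample rows are constructed.

```python
from dataclasses import dataclass

@dataclass
class ServerRow:
    """One row of the Work with Server Security screen (hand-transcribed)."""
    name: str                    # brief system-defined name, e.g. SIGNON
    secure: str                  # Yes / No / Other
    level: str = ""              # Allow / Full / Usr>Srv / Reject
    log: str = ""                # Y / N / R
    fyi: str = ""                # Y, or blank to follow the global setting
    needs_restart: bool = False  # long name ends in "(*)"

def audit(rows, global_fyi=False):
    """Return (server, finding) pairs for settings worth a second look."""
    findings = []
    for r in rows:
        if r.secure == "Other":
            # An external program, not Firewall, holds the exit point.
            findings.append((r.name, "exit point registered to a non-Firewall program"))
            continue
        if r.secure != "Yes":
            note = "not secured by Firewall"
            if r.needs_restart:
                note += "; securing it needs a server restart or IPL"
            findings.append((r.name, note))
            continue
        if r.level == "Allow":
            findings.append((r.name, "level Allow: all activity is allowed"))
        if r.log == "N":
            findings.append((r.name, "activity is not logged"))
        if r.fyi == "Y" or global_fyi:
            findings.append((r.name, "running in FYI simulation mode"))
    return findings

# Constructed sample rows, not an export from a real system.
SAMPLE = [
    ServerRow("SQL", "No"),
    ServerRow("FILSRV", "No", needs_restart=True),
    ServerRow("SIGNON", "Yes", level="Allow", log="N", needs_restart=True),
    ServerRow("RMTSRV", "Yes", level="Full", log="Y", fyi="Y"),
    ServerRow("TELNET", "Other"),
]

if __name__ == "__main__":
    for server, finding in audit(SAMPLE):
        print(f"{server:8} {finding}")
```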
To view more detailed information about the server's security settings and to modify them, type 1 in the Opt column for that server and press Enter. The Modify Server Security screen appears, as shown in Modifying Firewall Settings for Servers.
To see further information about the server, including its exit program control points, type 5 in the Opt column for that server and press Enter. The Display Server Information window appears:
Global *FYI* Mode
Display Server Information
Server: Validate Password-CRTUSRPRF,CHGUSRPRF
Short name.......: PWDVL2
Highest security.: Valid password
"What if" enabled: N (Planned for future)
When used........: Validation of pwd changes by CRTUSRPRF,CHGUSRPRF. Requires *ALLCRTCHG in sys. value QPWDRULES that is a user responsibility.
Exit program control points
Exit Point Format Comments
QIBM_QSY_VLD_PASSWRD VLDP0200 From V7R2
Bottom
F12=Cancel
The window shows the highest security level for the server, whether FYI mode is enabled for it, and other important information. In the example, it shows that the PWDVL2 server requires that the user set the system value QPWDRULES to *ALLCRTCHG.
To display the Firewall log for that server, type 6 in the Opt column for that server on the Work with Server Security screen and press Enter. The Display Firewall Log (DSPFWLOG) screen appears, as shown in Displaying Firewall Logs.