Setting Firewall Rules for Socket Connections
Sockets are communications connection endpoints that you can name and address in a network. You can create Firewall rules to control them.
You can enable sockets from the Work with Server Security screen (STRFW > 1 > 1) as shown in Setting Firewall Rules for Servers. To enable accepting socket connections, connecting to sockets, or listening on sockets, you must enable the Socket Accept (SKTACP), Socket Connect (SKTCNT), and Socket Listen (SKTLSN) servers, respectively.
To set Firewall rules for socket connections, select 15. Incoming/Outgoing Socket Connections from the main Firewall menu. The Incoming/Outgoing Connection Rules screen appears:
    GSSKMNU          Incoming/Outgoing Connection Rules
                                                      System: RLDEV
    Select one of the following:

    Definitions
      1. Incoming Connection Rules
      2. Outgoing Connection Rules
      5. IP-Group Definitions

    Reporting
     11. Display Socket Log
     12. Display Socket Connect Log
     13. Display Socket Accept Log
     14. Display Socket Listen Log

    Selection or command
    ===>

    F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel
    F13=Information Assistant   F16=System main menu
The rules can refer either to ranges of IP addresses specified within the rules or to named IP-Groups. An IP-Group can refer to sets of IP addresses that are not contiguous, and indicates which addresses are included or excluded.
To view and specify IP-Groups, select 5. IP-Group Definitions. The Work with IP-Groups screen appears, as shown in Defining IP-Groups for Socket Connections.
To set incoming connection rules, select 1. Incoming Connection Rules. The Work with Incoming Connection Rules screen appears, as shown in Setting Firewall Rules for Incoming Socket Connections.
To set outgoing connection rules, select 2. Outgoing Connection Rules. The Work with Outgoing Connection Rules screen appears, as shown in Setting Firewall Rules for Outgoing Socket Connections.
To view logs of all socket actions, or of only those that connect to sockets, accept connections from sockets, or listen on sockets, select option 11, 12, 13, or 14, respectively. The Display Firewall Log (DSPFWLOG) screen appears, as shown in Displaying Firewall Logs, with appropriate values set in its Type field.