Setting Firewall Rules Manually based on Incoming IP Address with the Rule Wizard
You can only set Firewall rules manually with the rule wizard if you have set the Wizard type to *STD when opening the wizard.
To set rules manually based on the incoming IP address of the activity in the Rule Wizard, open the Plan Incoming IP Security screen, as shown in Analyzing Recent Data on Incoming Activity by IP Address with the Rule Wizard (STRFW > 2 > 42).
                         Plan Incoming IP Security
    Type choices, press Enter.                              Subset . .
     1=Statistics 2=Set by use 3=Allow by use 4=Delete 5=DSPFWLOG 9=Add similar
    C>R=Current to Revised                      Y Allowed                     Y=Allow
    Specify revised authority in the R column.  N Rejected                    N=Reject
    Press Enter to apply revised authority.     Y Allowed (by generic* rule)
                    FTP/                        N Rejected (by generic* rule)
                    RE-  Tel  DB   TCP  RMT  DDM/ Fil   Number of Logged Entries
                    EXEC net  Srv  SGN  Srv  DRDA Srv   FTP/REX Telnet ---DB--- File
    Opt IP-Address  C>R  C>R  C>R  C>R  C>R  C>R  C>R   TCPSGN  -RMT-- DDM/DRDA Srv
        1.1.1.137   N    N    Y    N    N    N    N      24
        1.1.1.139   Y    S    S    Y    N    Y    Y     218
                                                                          Bottom
    F3=Exit  F6=Add New  F8=Print  F11=Alt.view  F12=Cancel
To set whether activity for a server from a given IP address is accepted, enter the letter for the new setting in the column for the relevant server and the row for that IP address. The possible letters are:
- Y: Accepted
- N: Rejected
- S: Only accepted over SSL connections
- A: Accepted, without checking whether SQL statements are valid
- B: Only accepted over SSL connections, without checking whether SQL statements are valid
- L: Accepted, without either checking whether SQL statements are valid or logging the activity
- M: Only accepted over SSL connections, without either checking whether SQL statements are valid or logging the activity.
When you have entered all the changes, enter 6 in the Opt field for that IP address. The Update Outgoing IP Firewall window appears:
                         Plan Incoming IP Security
    Type choices, press Enter.                              Subset . .
                        Update Incoming IP Firewall
    New information is about to OVERLAY existing one:
                                                              R  D
                                          FTP/   TEL  D  TCP  M  D  FIL   )
              IP         Subnet           REXEC  NET  B  SGN  T  M  SRV
    New       1.1.1.139  255.255.255.255  N      N    Y  N    N  N  N     O
    Existing  1.1.1.139  255.255.255.255  Y      S    S  Y    N  Y  Y
    Write this rule . . . . . . .  Y    Y=Yes, N=No
    Same answer to all  . . . . .       Y=Yes, N=No
    F12=Cancel
                                                                          Bottom
    F3=Exit  F6=Add New  F8=Print  F11=Alt.view  F12=Cancel
In this case, the only change that had been made was to change the letter for the FTP/REXEC server from N to Y. That item in the rule is changed. The rest of it remains the same.
To save changes and exit this window, press Enter. The Rule Wizard saves the rule being changed and removes the line for that IP address from the screen. You can see the resulting rule on the Dynamic Filtering - Outgoing IP Address Security screen, as shown in Setting Firewall Rules for Outgoing Activity by IP Address (STRFW > 2 > 1).
To exit this window without saving changes, press the F12 key. The window closes. The changes that would have been made are marked in the columns for those servers in the lines for those IP addresses on the screen. You can then further work with the rules and save them manually.
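A review aid for the setting letters and the overlay window described above, as an added example that is not part of the product or its documentation: it decodes each letter into the exposure it permits and labels every changed server column as loosened, tightened or mixed before the rule is written. The server column order and the exposure labels are assumptions read off the screen header and the letter list; the two rows are copied from the window as printed.

```python
# Added example, not product code. Column order is assumed from the screen header.
SERVERS = ["FTP/REXEC", "Telnet", "DB Srv", "TCP SGN", "RMT Srv", "DDM/DRDA", "File Srv"]

# Each setting letter mapped to the exposure it permits, per the letter list above.
# The label strings are this example's own wording.
CODES = {
    "N": frozenset(),
    "S": frozenset({"accepted"}),
    "Y": frozenset({"accepted", "non-SSL"}),
    "B": frozenset({"accepted", "no SQL check"}),
    "A": frozenset({"accepted", "non-SSL", "no SQL check"}),
    "M": frozenset({"accepted", "no SQL check", "no logging"}),
    "L": frozenset({"accepted", "non-SSL", "no SQL check", "no logging"}),
}

def parse_row(row):
    """Split 'IP SUBNET c1 .. c7' into (ip, subnet, {server: letter})."""
    ip, subnet, *letters = row.split()
    if len(letters) != len(SERVERS):
        raise ValueError(f"expected {len(SERVERS)} settings, got {len(letters)}")
    bad = [c for c in letters if c not in CODES]
    if bad:
        raise ValueError(f"unknown setting letter(s): {bad}")
    return ip, subnet, dict(zip(SERVERS, letters))

def review(existing_row, new_row):
    """Return [(server, old, new, verdict, exposure_added)] for changed columns."""
    ip_old, mask_old, old = parse_row(existing_row)
    ip_new, mask_new, new = parse_row(new_row)
    if (ip_old, mask_old) != (ip_new, mask_new):
        raise ValueError("rows describe different IP/subnet rules")
    changes = []
    for server in SERVERS:
        before, after = CODES[old[server]], CODES[new[server]]
        if before == after:
            continue
        added, removed = after - before, before - after
        verdict = "mixed" if added and removed else "loosened" if added else "tightened"
        changes.append((server, old[server], new[server], verdict, sorted(added)))
    return changes

# Rows copied from the overlay window as printed on this page.
EXISTING = "1.1.1.139 255.255.255.255 Y S S Y N Y Y"
NEW = "1.1.1.139 255.255.255.255 N N Y N N N N"

if __name__ == "__main__":
    for server, was, now, verdict, added in review(EXISTING, NEW):
        print(f"{server:10} {was}>{now}  {verdict:9} {', '.join(added)}")
```

Any column reported as loosened or mixed is one where the revised letter drops an SSL, SQL-check or logging control and is worth a second look before answering Y to "Write this rule".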