Setting Firewall Rules for Incoming Activity by IP Addresses

You can filter incoming activity by IP address from the Dynamic Filtering - Incoming IP Address Security screen. To reach the screen, select 1. Incoming IP Addresses/Local-jobs from the Work with Dynamic Filtering screen (STRFW > 2 > 1).

               ​ Dynamic Filtering- Incoming IP Address Security​                 
                                                                               ​ 
Type options, press Enter.                                                  ​    
 ​ 1=Select  4=Delete  ​             ​ F​  Te​      ​ R​  D​                            
                                   ​ T​  ln​ D​ TCP​ M​  D​ Fil​                       ​ 
Opt​ IP Address/*LCL​  Subnet Mask​   ​ P​  et​ B​ SGN​ T​  M​ Srv​ Text​                   
    *ALL           ​ 0.0.0.0        ​ Y​  Y​  Y​  Y​   ​   ​   ​  *ALL                  ​ 
    *LCL-*         ​                ​ Y​  Y​  Y​  Y​  Y​  Y​  Y​                        ​ 
    1.1.1.3        ​ 255.255.255.254​  ​   ​   ​   ​   ​   ​   ​                        ​ 
    1.1.1.69       ​ 255.255.255.255​  ​   ​   ​   ​   ​   ​  Y​  RULE SET BY WIZARD    ​ 
    1.1.1.71       ​ 255.255.255.255​ Y​  Y​  Y​  Y​   ​   ​  Y​  RULE SET BY WIZARD    ​ 
    1.1.1.77       ​ 255.255.255.255​ Y​  Y​   ​  Y​   ​   ​  Y​  RULE SET BY WIZARD    ​ 
    1.1.1.79       ​ 255.255.255.255​ A​  A​  A​  A​  A​  A​   ​  dev.razlee            ​ 
    1.1.1.103      ​ 255.255.255.254​  ​   ​   ​   ​   ​   ​   ​                        ​ 
    1.1.1.105      ​ 255.255.255.255​ Y​  Y​  Y​  Y​  Y​  Y​  Y​  RULE SET BY WIZARD    ​ 
    1.1.1.114      ​ 255.255.255.252​  ​   ​   ​   ​  Y​   ​   ​  test                  ​ 
    1.1.1.114      ​ 255.255.255.255​ Y​   ​   ​   ​  Y​   ​   ​  RULE SET BY WIZARD    ​ 
    1.1.1.127      ​ 255.255.255.255​  ​  Y​  Y​  Y​   ​   ​   ​  RULE SET BY WIZARD    ​ 
                                                                  ​      More...​ 
  ​ FTP includes: FTPLOG, REXLOG​                                                 
  ​ DDM includes: DDM, DRDA​                                                      
  ​ DB Server includes: SQLENT, SQL, NDB, OBJINF, DBOPEN​                        ​ 
F3=Exit​  ​ F6=Add new​  ​ F8=Print​  ​ F10=Logon security​  ​ F12=Cancel​               
                                                                                

The screen shows existing rules for filtering activity coming in via various protocols from specific IP addresses. The entry for *ALL shows general rules for incoming activity coming from IP addresses that are not listed. The entry for *LCL-* shows general rules for activity that originates within the same system.

Each of the other lines shows rules for ranges of IP addresses, shown by a specific IP address and Subnet Mask. The following columns show the rules for specific protocols, as shown by the vertical text at the top of each column:

  • FTP including FTPLOG and REXLOG
  • Telnet
  • DB including SQLENT, SQL, NDB, OBJINF, and DBOPEN
  • TCPSGN, the TCP Sign-On Server
  • RMT, for Remote Program/Command Call
  • DDM including DRDA
  • Fil Srv, for File Server

For each protocol, the letter in that column shows how the rule handles incoming activity for that protocol from that IP address range:

  • Blank or N: Reject all incoming activity
  • S: Allow activity, but do not log this
  • Y: Allow activity

The final Text column shows a freeform text description of the rule.

To add a new rule, press the F6 key. The Dynamic Filtering- Add Incoming IPv6 Address screen appears, as shown in Adding a Firewall Rule for Incoming Activity by IP Address.

To modify an existing rule, type 1 in the Opt column for that rule. The Dynamic Filtering- Modify Incoming IP Address screen appears, as shown in Modifying a Firewall Rule for Incoming Activity by IP Addresses

To use the Rule Wizard to develop rules by analyzing your system's recent activity, see Using the Rule Wizard for Incoming Activity by IP Address.