Substituting Firewall Rules for Native Objects with Rules from a Policy Library
You can direct Firewall to apply the rules defined for one library to other libraries. In this way, once you set the rules for that policy library, they apply to multiple other libraries, and you work with that single set rather than keeping a separate set of rules for each library.
To substitute the rules for one or more libraries with the rules of a policy library, select 61. Work with IASP/generic* Lib Names from the Native Object Security screen (STRFW > 4), as shown in Setting Firewall Rules for Native Objects.
The Work with IASP/generic* Library Names screen appears:
                  Work with IASP/generic* Library Names

Check the rules of the Policy Library for objects in an IASP/generic* library.

Type options, press Enter.
  1=Select   4=Delete                                Subset . . .

                           Policy
Opt  IASP  Library*        Library
           LIB1            TESTALL
           LIB2            TESTALL
           LIB3            TESTALL
           LIB4            TESTALL
           LIB5            TESTALL
           LIB6            TESTALL
           MAGDAT          FTP
           PROD*           PROD
      33   ABC             FOR#ABC#33
      33   TT              TT3
                                                               Bottom
Use this screen to eliminate repetitive rules in cases where there is a set
of libraries which require similar Native Object rules.
For testing purposes only, the check will be conducted on the Template Library.

F3=Exit   F6=Add new   F8=Print   F12=Cancel
The body of the screen contains lines representing each single or generic* library for which rules from another library are substituted. After the standard Opt field, the fields are:
ASP
If the library is in an Auxiliary Storage Pool, the number of the ASP.
Library*
The name or generic name of the library that uses rules from a policy library.
Library
The library from which the rules are substituted.
To add a new rule substitution, press the F6 key. The Add Policy Library screen appears, with the same fields as on this screen. Enter the library (or generic* name) that is to use substituted rules and the policy library from which those rules are taken.
To modify the listing for a library, changing the policy library from which its rules are substituted, enter 1 in the Opt field for that library. The Modify Policy Library screen appears, in which you can make that change.
To delete a listing, so that rules will no longer be substituted for a library, enter 4 in the Opt field for that library. The Delete Policy Libraries screen appears, confirming the deletion.
In native object rules, you refer to the policy library PROD or TEST instead of creating single rules for each library. Using LIB* covers all objects in libraries whose names start with LIB, and the rules of the Policy Library are applied to them.