Setting Filter Conditions
Using the Filter Conditions screen, you can combine tests on any number of fields in a record to determine the system's response.
Within Firewall, the screen appears when you add or modify a free-style rule for filtering access to servers (STRFW > 15, F6 or Opt 1).
| Filter Conditions Entry . . . . . . . . 45 *DBOPEN Open Database Sequence . . . . . . . 2.0 *DBOPEN Open Database Subset by text . . Type conditions, press Enter. Specify OR to start each new group. Test: EQ, NE, LE, GE, LT, GT, N/LIST, N/LIKE, N/ITEM, N/START, N/PGM And For N/LIKE: % is "any string"; Case is ignored Or Field Test Value (If Test=ITEM use F4) UC Object library EQ DH Date & Time yyyy-mm-dd-hh.mm Name of job User of job Number of job Current user profile System name Object Object library User Open type More... Pink fields are from the generic header. Green fields apply to this type only. F3=Exit F4=Prompt F6=Insert F8=UC/LC F12=Cancel |
The read-only fields at the top of the screen show the entry type of the server, as both a numerical code and a text description, followed by the relative sequence number in which the filter runs and a text description of the filter (or, if that has not been set, a repetition of the server description).
Each line on the body of the screen shows a single test to be done on the record or request being checked. They include four fields:
And/Or
How this test connects to the ones above it, as described below. (This field does not appear on the first line, since no test precedes it.)
Field
The name of the field within the record or request being checked. The items in this field are read-only. If they appear in green, they are the names of fields defined for files on that server or entry type. If they appear in pink, they are generic fields referring to the event or request being tested.
Test
How the Field is compared to the Value, using comparators shown below.
Value
The value against which the Field is tested.
This field is case sensitive, unless the Test field is set to LIKE or NLIKE. The two characters shown in a black-on-green field at the right end of the line of field labels about the first line of the body of the screen shows the Caps-Lock state. If the field shows "UC", typed characters are entered as uppercase. If it shows "LC", typed characters are entered as lowercase. To toggle between them, press the F8 key.
Setting the Order of Rules
Tests are run in the order that they appear in the list, from the top down. Tests that you have defined appear at the top of the list. Lines without tests appear below them and are ignored by the filter.
To insert a test above a line showing a defined test, place the cursor on the line containing that test and press the F6 key. The Select Multiple Fields window appears, showing the list of generic fields and fields known to the server. To select the field to test, type 1 in its Opt field and press Enter. A line for a test based on the field appears on the Filter Conditions screen above the line on which you had placed the cursor.
To insert a test after the last defined test, place the cursor on a line below that test and press the F6 key. The Select Multiple Fields window appears, showing the list of generic fields and fields known to the server. To select the field to test, type 1 in its Opt field and press Enter. The window closes and a line for a test based on the field appears on the Filter Conditions screen below the last of the defined tests.
To delete a test, clear the Test and Value fields from the line showing the test. The line is removed when the screen refreshes.
To move a test, insert an identical test in the new position then clear the original test.
Test Comparison Operators
The Test field can be set to the following values:
- EQ: Equal to. The field contents are identical to those of the Value field.
- NE: Not equal to. The field contents are not identical to those of the Value field.
- LT: Less than. The field contents are less than those of the Value field. To select all instances in which a field is empty, use the LT operator, and set the Value operator to "." (a single dot).
- LE: Less than or equal to. The field contents are less than or equal to those of the Value field.
- GT: Greater than. The field contents are greater than those of the Value field.
- GE: Greater than or equal to. The field contents are greater than or equal to those of the Value field. To select all instances in which a field is not empty, use the GE operator, and set the Value operator to "." (a single dot).
- LIST: Included in list. The field contents are included in a space-separated list in the Value field. For example, "BLUE" is included in the list "RED BLUE GREEN". (LIST is not effective if you might be checking values that contain spaces, such as "NEW YORK" or "VAN HALEN". To check those, either create a group to be used with ITEM or combine a set of EQ tests.)
- NLIST: Not included in list. The field contents are not included in a space-separated list in the Value field. For example, "YELLOW" is not included in the list "RED BLUE GREEN". (Like LIST, NLIST is not effective if you might be checking values that contain spaces.)
- LIKE: Matches a substring search. The field contents match the string in the Value field. The "%" character can be used as a wild card in the Value field. For example, if the field contents consists of the string "PURPLE", it would be LIKE the Value field string "%URP%".
- NLIKE: Does not match a substring search. The field contents do not match the string in the Value field. The "%" character can be used as a wild card in the Value field. For example, if the field contents consists of the string "ORANGE", it would be NLIKE the Value field string "%URP%".
- ITEM: True if the value of the Field field is a member of a group named in the Value field. After entering ITEM in the Test field, place the cursor in the Value field and press the F4 key. The Select Subject window appears, containing a list of groups known to the system. To select a group from this list, type 1 in the Opt field for that group and press the Enter key. To work with the groups, including editing or removing them, press the F6 key.
- NITEM: True if the value of the Field field is not a member of a group named in the Value field. You can select a group from a list as shown for the ITEM operator.
- START: True if the value of the Field field begins with the characters in the Value field.
- NSTART: True if the value of the Field field does not begin with the characters in the Value field.
- PGM:True if a specific user program, run against the Field contents, returns a value of True. Indicate the program in the Value field as "LIBRARY/PROGRAM".
- NPGM: True if a specific user program, run against the Field contents, returns a value of False. Indicate the program in the Value field as "LIBRARY/PROGRAM".
Combining Tests with the And/Or Field
By default, consecutive tests on the screen are combined. The result is True only if the result of each of the tests is True.
If the line for a test contains the letter "O" (for "Or") in its And/Or field, it causes the filter to consider the tests included on the screen as two distinct groups. If either the group of tests before the line with the "O" or the group of tests beginning with and following that line are all True, the result is True.
| Filter Conditions Entry . . . . . . . . 09 *TFTP TFTP Server Request Validation Sequence . . . . . . . 1.0 Checking two users for TFTP Subset by text . . Type conditions, press Enter. Specify OR to start each new group. Test: EQ, NE, LE, GE, LT, GT, N/LIST, N/LIKE, N/ITEM, N/START, N/PGM And For N/LIKE: % is "any string"; Case is ignored Or Field Test Value (If Test=ITEM use F4) UC IP address EQ 192.0.2.1 A User of job LIST DAVID EDDIE MICHAEL ALEX O IP address EQ 192.0.2.2 A User of job LIST JOHN PAUL GEORGE RINGO Date & Time yyyy-mm-dd-hh.mm Name of job User of job Number of job Current user profile System name Object More... Pink fields are from the generic header. Green fields apply to this type only. F3=Exit F4=Prompt F6=Insert F8=UC/LC F12=Cancel |
In this example, using values for iSecurity/Firewall, the filter conditions are true if either
- The IP address is 192.0.2.1 and the user is any of DAVID, EDDIE, MICHAEL, or ALEX, or
- The IP address is 192.0.2.2 and the user is any of JOHN, PAUL, GEORGE, or RINGO.
This follows standard logic operations, where AND has precedence over OR, as shown in IBM documentation at https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.f54dg00/ispdg170.htm