Firewall Rules
Firewall rules need to be created on the local firewall to allow the local IBM® Connect:Direct® node to communicate with the remote IBM Connect:Direct node. A typical packet-filtering firewall rule specifies that the local firewall is open in one direction (inbound or outbound) to packets from a particular protocol with particular local addresses, local ports, remote addresses, and remote ports. Firewall Navigation differs between TCP and UDT; as a result, firewall rules for TCP and UDT should be configured differently.
TCP Firewall Navigation Rules
In the following table, the TCP rules are presented in two sections: the first section applies to rules that are required when the local node is acting as a PNODE; the second section applies to rules that are required when the local node is acting as an SNODE. A typical node acts as a PNODE on some occasions and an SNODE on other occasions; therefore, its firewall will require both sets of rules.
TCP PNODE Rules

Rule Name | Rule Direction | Local Ports | Remote Ports
---|---|---|---
PNODE session | Outbound | Local C:D's source ports | Remote C:D's listening port

TCP SNODE Rules

Rule Name | Rule Direction | Local Ports | Remote Ports
---|---|---|---
SNODE session | Inbound | Local C:D's listening port | Remote C:D's source ports
UDT Firewall Navigation Rules
UDT firewall rules are applied to the UDP protocol. The recommended default firewall rule for UDP packets is to block packets both inbound to and outbound from the local system, opening only the specific rules below; this prevents the confusion that could otherwise occur because of the callback used during UDT session establishment.
In the following table, the UDT rules are presented in two sections: the first section applies to rules that are required when the local node is acting as a PNODE; the second section applies to rules that are required when the local node is acting as an SNODE. A typical node acts as a PNODE on some occasions and an SNODE on other occasions; therefore, its firewall will require both sets of rules.
UDT PNODE Rules

Rule Name | Rule Direction | Local Ports | Remote Ports
---|---|---|---
PNODE Session Request | Outbound | Local C:D's source ports | Remote C:D's listening port
PNODE Session | Outbound | Local C:D's source ports | Remote C:D's source ports

UDT SNODE Rules

Rule Name | Rule Direction | Local Ports | Remote Ports
---|---|---|---
SNODE listen | Inbound | Local C:D's listening port | Remote C:D's source ports
SNODE session | Inbound | Local C:D's source ports | Remote C:D's source ports
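The following script is an added example, not part of the IBM documentation, that renders both the TCP and the UDT rule tables above as iptables commands for the local node's host firewall. Every address and port in it is a constructed placeholder: the listening port 1364, the source-port ranges 10000:10099 and 20000:20099, and the remote address 192.0.2.10 are assumptions, and the script also assumes that both nodes are configured to use fixed source-port ranges so that the "source ports" columns can be expressed as port ranges. It only prints the commands, so it can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example (not IBM's code): print iptables rules that implement the
# TCP and UDT firewall-rule tables for the local Connect:Direct node.
# All values below are constructed placeholders; replace them with the
# listening port and source-port range configured on each node.
LOCAL_LISTEN_PORT=1364          # assumed local C:D listening port
LOCAL_SRC_PORTS=10000:10099     # assumed local C:D source-port range (low:high)
REMOTE_ADDR=192.0.2.10          # constructed remote node address (TEST-NET-1)
REMOTE_LISTEN_PORT=1364         # assumed remote C:D listening port
REMOTE_SRC_PORTS=20000:20099    # assumed remote C:D source-port range

# Print one ACCEPT rule.
#   $1 = chain (INPUT for inbound rules, OUTPUT for outbound rules)
#   $2 = protocol (tcp or udp)
#   $3 = local ports column, $4 = remote ports column
# Inbound packets arrive from the remote address (-s) with the remote ports as
# source; outbound packets go to the remote address (-d) with the local ports
# as source.  This mirrors the "Local Ports"/"Remote Ports" columns exactly.
rule() {
  if [ "$1" = INPUT ]; then
    printf 'iptables -A INPUT -p %s -s %s --sport %s --dport %s -j ACCEPT\n' \
      "$2" "$REMOTE_ADDR" "$4" "$3"
  else
    printf 'iptables -A OUTPUT -p %s -d %s --sport %s --dport %s -j ACCEPT\n' \
      "$2" "$REMOTE_ADDR" "$3" "$4"
  fi
}

# TCP rules: one per row of the TCP PNODE and SNODE tables.
tcp_rules() {
  rule OUTPUT tcp "$LOCAL_SRC_PORTS"   "$REMOTE_LISTEN_PORT"   # PNODE session
  rule INPUT  tcp "$LOCAL_LISTEN_PORT" "$REMOTE_SRC_PORTS"     # SNODE session
}

# UDT rules: UDP protocol, one per row of the UDT tables, followed by the
# recommended default of blocking all other UDP traffic in both directions.
# The ACCEPT rules must precede the DROP rules because iptables matches in order.
udt_rules() {
  rule OUTPUT udp "$LOCAL_SRC_PORTS"   "$REMOTE_LISTEN_PORT"   # PNODE Session Request
  rule OUTPUT udp "$LOCAL_SRC_PORTS"   "$REMOTE_SRC_PORTS"     # PNODE Session (callback)
  rule INPUT  udp "$LOCAL_LISTEN_PORT" "$REMOTE_SRC_PORTS"     # SNODE listen
  rule INPUT  udp "$LOCAL_SRC_PORTS"   "$REMOTE_SRC_PORTS"     # SNODE session
  printf 'iptables -A INPUT -p udp -j DROP\n'
  printf 'iptables -A OUTPUT -p udp -j DROP\n'
}

# Number of rules rendered; a quick sanity check before applying them.
rule_count() { { tcp_rules; udt_rules; } | wc -l | tr -d ' '; }

# Usage: sh cd_firewall_rules.sh          (review the output)
#        sh cd_firewall_rules.sh | sudo sh (apply once reviewed)
tcp_rules
udt_rules
```

The two UDT "session" rows are the ones that differ from TCP: after the callback, traffic flows between the two nodes' source-port ranges rather than to a listening port, which is why the script emits separate source-to-source rules and why the UDP default-deny is placed last. A node that acts as both PNODE and SNODE needs every rule printed here; a node that only ever initiates sessions can drop the SNODE rows.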