Configuring packet rules

This checklist contains an overview of the tasks you must complete to ensure that your rules work properly when activated.

You can find the specific information in the Packet Rules Editor online help.

After you have created a plan for packet rules on your system, you are ready to create and apply them.

__ Access the Packet Rules Editor. Follow these instructions to access the Packet Rules Editor in IBM® Navigator for i.
__ Use the wizards provided as part of the Packet Rules Editor to create your rules files:
  • Permit a Service Wizard

    This wizard generates and inserts a set of packet rule statements that permits the necessary traffic for a given TCP or User Datagram Protocol (UDP) service.

  • Spoof Protection Wizard

    This wizard generates and inserts a set of packet rule statements that denies traffic arriving on an interface when that traffic should only be entering this server through a different interface.

  • Address Translation Wizard

    This wizard generates and inserts a set of either map or hide packet rule statements.

Depending on what type of rules you want to configure, these wizards create all of the required filter and network address translation (NAT) statements for you. You can access the wizards from the Wizards menu in the Packet Rules Editor. If you prefer to write the rules yourself, continue to the next item in the checklist.
__ Define addresses and services by creating aliases for the addresses and services for which you plan to create multiple rules.
Note: You must define addresses if you want to create NAT rules.
__ Create NAT rules. Perform this task only if you plan to use NAT.
__ Create filter rules to define what filters to apply to the network that this system administrates.
__ Specify any additional files that you want to include in your master rules file. Complete this task only if you have existing rules files that you want to reuse in a new rules file.
__ Define the interfaces by applying your rules.
__ Make comments to describe what each rules file does.
__ Verify your rules files to ensure that your rules will be activated without errors.
__ Activate your rules file. Packet rules must be activated in order for them to work.
__ Manage packet rules. After you have activated your packet rules, you must manage them periodically to maintain the security of your system.