80 lines
6.1 KiB
HTML
80 lines
6.1 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="task" />
|
||
|
<meta name="DC.Title" content="Activate packet rules" />
|
||
|
<meta name="abstract" content="Activating the packet rules that you create is the final step in configuring packet rules." />
|
||
|
<meta name="description" content="Activating the packet rules that you create is the final step in configuring packet rules." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajbx1creatingnewrulessd.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8a1verifyingsd.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb0dexample2.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb0eexample3.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb0fexample4.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb0gexample5.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajbx2managingrulessd.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="activaterules" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Activate packet rules</title>
|
||
|
</head>
|
||
|
<body id="activaterules"><a name="activaterules"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Activate packet rules</h1>
|
||
|
<div><p>Activating the packet rules that you create is the final step in
|
||
|
configuring packet rules.</p>
|
||
|
<div class="section"><p>You must activate, or load, the rules that you created in order
|
||
|
for them to work. However, before you activate your rules you should verify
|
||
|
that they are correct. Always attempt to resolve any problems before activating
|
||
|
your packet rules. If you activate rules that have errors or that are ordered
|
||
|
incorrectly, your system will be at risk. Your system has a verify function
|
||
|
that is automatically invoked any time you activate your rules. Because this
|
||
|
automatic feature only checks for major syntactical errors, you should not
|
||
|
rely solely on it. Make sure to always manually check for errors in your rules
|
||
|
files as well.</p>
|
||
|
<p>When filter rules are not applied to an interface (for
|
||
|
example, you are only using NAT rules, not filtering rules), a warning (TCP5AFC)
|
||
|
appears. This is not an error. It only verifies whether using one interface
|
||
|
is your intention. Always look at the last message. If it says
|
||
|
the activation is successful, then the messages above it are all warnings. </p>
|
||
|
<div class="note"><span class="notetitle">Note:</span> When
|
||
|
you activate new rules on all interfaces, they replace all previous rules
|
||
|
on all physical interfaces. Even if a physical interface is not mentioned
|
||
|
in the new rules, it will be replaced. However, if you choose to activate
|
||
|
new rules on a specific interface, the rules will only replace the rules on
|
||
|
that specific interface. Existing rules on other interfaces will be untouched.</div>
|
||
|
<p>After
|
||
|
your packet rules have been configured and activated, you might need to periodically
|
||
|
manage them to ensure the security of your system. </p>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajbx1creatingnewrulessd.htm" title="Read the checklist that contains an overview of the tasks you must complete to ensure that your rules work properly when activated.">Configure packet rules</a></div>
|
||
|
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzajbrzajb8a1verifyingsd.htm" title="Always verify your rules before you activate them. This helps ensure that the rules will be activated without problems.">Verify packet rules</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzajbrzajb0dexample2.htm" title="In this scenario, your company uses static network address translation (NAT) to map its private IP addresses to public addresses.">Scenario: Map IP addresses using NAT</a></div>
|
||
|
<div><a href="rzajbrzajb0eexample3.htm" title="In this scenario, your company uses IP filtering to restrict the IP traffic that can access its Web server to HTTP, Telnet, and FTP.">Scenario: Create filter rules to allow HTTP, Telnet, and FTP</a></div>
|
||
|
<div><a href="rzajbrzajb0fexample4.htm" title="In this scenario, your company combines network address translation (NAT) and IP filtering together. Your company wants to hide its personal computers and Web server behind a single, public, IP address and to allow other companies to access the Web server.">Scenario: Combine NAT and IP filtering</a></div>
|
||
|
<div><a href="rzajbrzajb0gexample5.htm" title="In this scenario, your company uses masquerade network address translation (NAT) to hide the private addresses of your personal computers. At the same time, your company allows your employees to access the Internet.">Scenario: Hide IP addresses using masquerade NAT</a></div>
|
||
|
</div>
|
||
|
<div class="reltasks"><strong>Related tasks</strong><br />
|
||
|
<div><a href="rzajbrzajbx2managingrulessd.htm" title="To maintain the security of your system and the integrity of your packet rules, periodically perform the management tasks.">Manage packet rules</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|