ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajb_5.4.0.1/rzajbrzajb8b0definingaddsd.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Define addresses and services" />
<meta name="abstract" content="When you create packet rules, you must specify the IP addresses and services to which you want the rules to apply." />
<meta name="description" content="When you create packet rules, you must specify the IP addresses and services to which you want the rules to apply." />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajbx1creatingnewrulessd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8accessingsd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8bcreatingnatrulessd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb89commentssd.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajb8b0-definingadd_sd" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Define addresses and services</title>
</head>
<body id="rzajb8b0-definingadd_sd"><a name="rzajb8b0-definingadd_sd"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Define addresses and services</h1>
<div><p>When you create packet rules, you must specify the IP addresses
and services to which you want the rules to apply.</p>
<div class="section"><p>Defined addresses are interface specifications that have been
given symbolic names. You should define addresses when the address you want
to represent is a range of addresses, a subnet, a list of point-to-point identifiers,
or a list of non-contiguous addresses. A defined address statement is required
when you plan to create map address translation rules. If the address you
want to represent is a single IP address in a filter statement, then a defined
address statement is not required. Service aliases allow you to define services
and then to reuse them in any number of filters. Service aliases also keep
track of the purposes of different service definitions.</p>
<div class="p">Defining addresses
and service aliases makes it easier to create your packet rules. When you
create the rules, you refer to the address nickname or service alias rather
than the specific address or service details. Using nicknames and aliases
in your filter rules has the following advantages:<ul><li>Minimizes the risks of typographical errors.</li>
<li>Minimizes the number of filter rules that you need to create.</li>
</ul>
</div>
<div class="p">For example, you have users on your network who need Internet
access. However, you want to restrict these users to Web access only. You
have two choices about how to create the filter rules that you need in this
situation.<ul><li>Define a filter rule for each user's IP address.</li>
<li>Create a nickname for the entire address set that represents your users
by defining an address.</li>
</ul>
</div>
<p>The first choice increases your chances of making typographical
errors, as well as increasing the amount of maintenance that
you must perform for your rules file. Using the second choice, you only need
to create two filter rules. Use a nickname in each rule to refer to the entire
set of addresses to which the rule applies. </p>
<div class="p">You can also create nicknames
for services and use them in the same manner as address nicknames. The service
alias defines what TCP, UDP, and ICMP criteria you want to select. You select
the source and destination port that you want to use. <div class="remember"><span class="remembertitle">Remember:</span> You <em>must</em> define
addresses if you plan to use NAT. NAT rules can only point to a defined address.</div>
</div>
<p>For
instructions on how to define addresses, service aliases, and ICMP services,
use the Packet Rules Editor online help.</p>
</div>
<div class="example"><h4 class="sectiontitle">Next topic</h4><p>If you plan to use network addresses
translation, go to <a href="rzajbrzajb8bcreatingnatrulessd.htm">Create NAT rules</a>.
Otherwise, go to <a href="rzajbrzajb8a0creatingsd.htm">Create IP filter rules</a> to filter
IP traffic coming into and going out of your network.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajbx1creatingnewrulessd.htm" title="Read the checklist that contains an overview of the tasks you must complete to ensure that your rules work properly when activated.">Configure packet rules</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzajbrzajb8accessingsd.htm" title="Use the Packet Rules Editor to start creating packet rules on your system.">Access packet rules</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzajbrzajb8bcreatingnatrulessd.htm" title="To use network address translation (NAT), you must define nicknames for the IP addresses you intend to use.">Create NAT rules</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzajbrzajb89commentssd.htm" title="Adding comments about your rules files is a way to record how you intend your rules to work.">Add comments in the packet rules</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="task" />`
			`<meta name="DC.Title" content="Define addresses and services" />`
			`<meta name="abstract" content="When you create packet rules, you must specify the IP addresses and services to which you want the rules to apply." />`
			`<meta name="description" content="When you create packet rules, you must specify the IP addresses and services to which you want the rules to apply." />`
			`<meta name="DC.Relation" scheme="URI" content="rzajbrzajbx1creatingnewrulessd.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8accessingsd.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8bcreatingnatrulessd.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzajbrzajb89commentssd.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzajb8b0-definingadd_sd" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Define addresses and services</title>`
			`</head>`
			`<body id="rzajb8b0-definingadd_sd"><a name="rzajb8b0-definingadd_sd"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Define addresses and services</h1>`
			`<div><p>When you create packet rules, you must specify the IP addresses`
			`and services to which you want the rules to apply.</p>`
			`<div class="section"><p>Defined addresses are interface specifications that have been`
			`given symbolic names. You should define addresses when the address you want`
			`to represent is a range of addresses, a subnet, a list of point-to-point identifiers,`
			`or a list of non-contiguous addresses. A defined address statement is required`
			`when you plan to create map address translation rules. If the address you`
			`want to represent is a single IP address in a filter statement, then a defined`
			`address statement is not required. Service aliases allow you to define services`
			`and then to reuse them in any number of filters. Service aliases also keep`
			`track of the purposes of different service definitions.</p>`
			`<div class="p">Defining addresses`
			`and service aliases makes it easier to create your packet rules. When you`
			`create the rules, you refer to the address nickname or service alias rather`
			`than the specific address or service details. Using nicknames and aliases`
			`in your filter rules has the following advantages:<ul><li>Minimizes the risks of typographical errors.</li>`
			`<li>Minimizes the number of filter rules that you need to create.</li>`
			`</ul>`
			`</div>`
			`<div class="p">For example, you have users on your network who need Internet`
			`access. However, you want to restrict these users to Web access only. You`
			`have two choices about how to create the filter rules that you need in this`
			`situation.<ul><li>Define a filter rule for each user's IP address.</li>`
			`<li>Create a nickname for the entire address set that represents your users`
			`by defining an address.</li>`
			`</ul>`
			`</div>`
			`<p>The first choice increases your chances of making typographical`
			`errors, as well as increasing the amount of maintenance that`
			`you must perform for your rules file. Using the second choice, you only need`
			`to create two filter rules. Use a nickname in each rule to refer to the entire`
			`set of addresses to which the rule applies. </p>`
			`<div class="p">You can also create nicknames`
			`for services and use them in the same manner as address nicknames. The service`
			`alias defines what TCP, UDP, and ICMP criteria you want to select. You select`
			`the source and destination port that you want to use. <div class="remember"><span class="remembertitle">Remember:</span> You <em>must</em> define`
			`addresses if you plan to use NAT. NAT rules can only point to a defined address.</div>`
			`</div>`
			`<p>For`
			`instructions on how to define addresses, service aliases, and ICMP services,`
			`use the Packet Rules Editor online help.</p>`
			`</div>`
			`<div class="example"><h4 class="sectiontitle">Next topic</h4><p>If you plan to use network addresses`
			`translation, go to <a href="rzajbrzajb8bcreatingnatrulessd.htm">Create NAT rules</a>.`
			`Otherwise, go to <a href="rzajbrzajb8a0creatingsd.htm">Create IP filter rules</a> to filter`
			`IP traffic coming into and going out of your network.</p>`
			`</div>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajbx1creatingnewrulessd.htm" title="Read the checklist that contains an overview of the tasks you must complete to ensure that your rules work properly when activated.">Configure packet rules</a></div>`
			`<div class="previouslink"><strong>Previous topic:</strong> <a href="rzajbrzajb8accessingsd.htm" title="Use the Packet Rules Editor to start creating packet rules on your system.">Access packet rules</a></div>`
			`<div class="nextlink"><strong>Next topic:</strong> <a href="rzajbrzajb8bcreatingnatrulessd.htm" title="To use network address translation (NAT), you must define nicknames for the IP addresses you intend to use.">Create NAT rules</a></div>`
			`</div>`
			`<div class="reltasks"><strong>Related tasks</strong><br />`
			`<div><a href="rzajbrzajb89commentssd.htm" title="Adding comments about your rules files is a way to record how you intend your rules to work.">Add comments in the packet rules</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`