Define addresses and services

When you create packet rules, you must specify the IP addresses and services to which you want the rules to apply.

Defined addresses are interface specifications that have been given symbolic names. You should define addresses when the address you want to represent is a range of addresses, a subnet, a list of point-to-point identifiers, or a list of non-contiguous addresses. A defined address statement is required when you plan to create map address translation rules. If the address you want to represent is a single IP address in a filter statement, then a defined address statement is not required. Service aliases allow you to define services and then to reuse them in any number of filters. Service aliases also keep track of the purposes of different service definitions.

Defining addresses and service aliases makes it easier to create your packet rules. When you create the rules, you refer to the address nickname or service alias rather than the specific address or service details. Using nicknames and aliases in your filter rules has the following advantages:
  • Minimizes the risks of typographical errors.
  • Minimizes the number of filter rules that you need to create.

For example, suppose you have users on your network who need Internet access, but you want to restrict these users to Web access only. You have two choices about how to create the filter rules that you need in this situation.
  • Define a filter rule for each user's IP address.
  • Create a nickname for the entire address set that represents your users by defining an address.

The first choice increases your chances of making typographical errors, as well as increasing the amount of maintenance that you must perform for your rules file. Using the second choice, you only need to create two filter rules. Use a nickname in each rule to refer to the entire set of addresses to which the rule applies.

You can also create nicknames for services and use them in the same manner as address nicknames. The service alias defines what TCP, UDP, and ICMP criteria you want to select. You select the source and destination port that you want to use.

Remember: You must define addresses if you plan to use NAT. NAT rules can only point to a defined address.
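
The Web-access scenario above, modeled as an added Python example (it is not IBM code and does not use the packet rule statement syntax): one defined address and two service aliases feed two filter rules, and a mistyped nickname is rejected when the rules are compiled. The addresses, the names WEBUSERS, ANY, HTTP_OUT and HTTP_IN, the reading of "Web access" as TCP port 80, and the split into one outbound and one inbound rule are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data; every name and address here is hypothetical.
ADDRESSES = {
    "WEBUSERS": ["10.1.1.10-10.1.1.40", "10.1.2.0/28", "10.1.9.7"],
    "ANY": ["0.0.0.0/0"],
}
# alias -> (protocol, source port range, destination port range), inclusive
SERVICES = {
    "HTTP_OUT": ("tcp", (1024, 65535), (80, 80)),
    "HTTP_IN": ("tcp", (80, 80), (1024, 65535)),
}
# The two filter rules; traffic that matches neither is denied.
RULES = [
    ("OUTBOUND", "WEBUSERS", "ANY", "HTTP_OUT"),
    ("INBOUND", "ANY", "WEBUSERS", "HTTP_IN"),
]

def expand(spec):
    """Turn one entry (range, subnet or single address) into networks."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p) for p in spec.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec)]

def compile_rules(rules, addresses, services):
    """Resolve each nickname and alias once; an undefined name is an error."""
    nets = {n: [x for s in specs for x in expand(s)] for n, specs in addresses.items()}
    out = []
    for direction, src, dst, svc in rules:
        for name, table in ((src, nets), (dst, nets), (svc, services)):
            if name not in table:
                raise KeyError(f"undefined name in rule: {name}")
        out.append((direction, nets[src], nets[dst], services[svc]))
    return out

def permits(compiled, direction, proto, src, sport, dst, dport):
    """Return True if any rule matches the packet; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rdir, snets, dnets, (rproto, sports, dports) in compiled:
        if (rdir == direction and rproto == proto
                and any(s in n for n in snets) and any(d in n for n in dnets)
                and sports[0] <= sport <= sports[1] and dports[0] <= dport <= dports[1]):
            return True
    return False

def per_address_rule_count(addresses, nickname, rules_per_address=2):
    """Rules needed if every address in the set got its own pair of rules."""
    return rules_per_address * sum(
        n.num_addresses for s in addresses[nickname] for n in expand(s))
```

With this sample data the nickname approach needs the two rules in RULES, while writing a pair of rules for each address in WEBUSERS would need 96.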

For instructions on how to define addresses, service aliases, and ICMP services, use the Packet Rules Editor online help.

Next topic

If you plan to use network address translation (NAT), go to Create NAT rules. Otherwise, go to Create IP filter rules to filter IP traffic coming into and going out of your network.
