Configure packet rules

Read the checklist that contains an overview of the tasks you must complete to ensure that your rules work properly when activated.

You find the specific, step-by-step information in the Packet Rules Editor online help.

After you have created a plan for configuring packet rules on your system, you should be ready to begin actually creating and applying them.

__ Access the Packet Rules Editor. Follow these instructions to access the Packet Rules Editor in iSeries™ Navigator.
__ Use the wizards provided as part of the Packet Rules Editor (V5R2 and later) to create your rules files:
  • Permit a Service Wizard

    This wizard will generate and insert a set of packet rule statements that will permit the necessary traffic for a given TCP or UDP service.

  • Spoof Protection Wizard

    This wizard will generate and insert a set of packet rule statements that will deny any traffic on an interface that should only be entering this server through a different interface.

  • Address Translation Wizard

    This wizard will generate and insert a set of either map or hide packet rules statements.

Depending on what type of rules you want to configure, these wizards create all of the required filter and NAT statements for you. You can access the wizards from the Wizards menu in the Packet Rules Editor. If you prefer to write the rules yourself, continue to the next item in the checklist.
__ Define addresses and services by creating aliases for the addresses and services for which you plan to create multiple rules.
Note: You must define addresses if you want to create NAT rules.
__ Create NAT rules. Perform this task only if you plan to use NAT.
__ Create filter rules to define what filters to apply to the network that this system administrates.
__ Specify any additional files that you want to include in your "master" rules file. Complete this task only if you have existing rules files that you want to reuse in a new rules file.
__ Define the interfaces by applying your rules.
__ Make comments to describe what each rules file does.
__ Verify your rules files to ensure that your rules will activate error free and without problems.
__ Activate your rules file. Packet rules must be activated in order for them to work.
__ Manage packet rules. After you have activated your packet rules, you must manage them periodically to maintain the security of your system.
  1. Access packet rules
    Use the Packet Rules Editor to start creating packet rules on your system.
  2. Define addresses and services
    When you create packet rules, you must specify the IP addresses and services to which you want the rules to apply.
  3. Create NAT rules
    To use network address translation (NAT), you must define nicknames for the IP addresses you intend to use.
  4. Create IP filter rules
    When you create a filter, you specify a rule that governs the IP traffic flow in and out of your system.
  5. Define IP filter interfaces
    Define filter interfaces to establish the filter rules that you want the system to apply to each interface.
  6. Include files in packet rules
    You can activate more than one packet rules file on your system by using the Include feature of the Packet Rules Editor.
  7. Add comments in the packet rules
    Adding comments about your rules files is a way to record how you intend your rules to work.
  8. Verify packet rules
    Always verify your rules before you activate them. This helps ensure that the rules will be activated without problems.
  9. Activate packet rules
    Activating the packet rules that you create is the final step in configuring packet rules.
Parent topic: IP filtering and network address translation
Related tasks
Plan for packet rules
Manage packet rules