93 lines
6.2 KiB
HTML
93 lines
6.2 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="task" />
|
|
<meta name="DC.Title" content="Define addresses and services" />
|
|
<meta name="abstract" content="When you create packet rules, you must specify the IP addresses and services to which you want the rules to apply." />
|
|
<meta name="description" content="When you create packet rules, you must specify the IP addresses and services to which you want the rules to apply." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajbx1creatingnewrulessd.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8accessingsd.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8bcreatingnatrulessd.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb89commentssd.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzajb8b0-definingadd_sd" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Define addresses and services</title>
|
|
</head>
|
|
<body id="rzajb8b0-definingadd_sd"><a name="rzajb8b0-definingadd_sd"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Define addresses and services</h1>
|
|
<div><p>When you create packet rules, you must specify the IP addresses
|
|
and services to which you want the rules to apply.</p>
|
|
<div class="section"><p>Defined addresses are interface specifications that have been
|
|
given symbolic names. You should define addresses when the address you want
|
|
to represent is a range of addresses, a subnet, a list of point-to-point identifiers,
|
|
or a list of non-contiguous addresses. A defined address statement is required
|
|
when you plan to create map address translation rules. If the address you
|
|
want to represent is a single IP address in a filter statement, then a defined
|
|
address statement is not required. Service aliases allow you to define services
|
|
and then to reuse them in any number of filters. Service aliases also keep
|
|
track of the purposes of different service definitions.</p>
|
|
<div class="p">Defining addresses
|
|
and service aliases makes it easier to create your packet rules. When you
|
|
create the rules, you refer to the address nickname or service alias rather
|
|
than the specific address or service details. Using nicknames and aliases
|
|
in your filter rules has the following advantages:<ul><li>Minimizes the risks of typographical errors.</li>
|
|
<li>Minimizes the number of filter rules that you need to create.</li>
|
|
</ul>
|
|
</div>
|
|
<div class="p">For example, you have users on your network who need Internet
|
|
access. However, you want to restrict these users to Web access only. You
|
|
have two choices about how to create the filter rules that you need in this
|
|
situation.<ul><li>Define a filter rule for each user's IP address.</li>
|
|
<li>Create a nickname for the entire address set that represents your users
|
|
by defining an address.</li>
|
|
</ul>
|
|
</div>
|
|
<p>The first choice increases your chances of making typographical
|
|
errors, as well as increasing the amount of maintenance that
|
|
you must perform for your rules file. Using the second choice, you only need
|
|
to create two filter rules. Use a nickname in each rule to refer to the entire
|
|
set of addresses to which the rule applies. </p>
|
|
<div class="p">You can also create nicknames
|
|
for services and use them in the same manner as address nicknames. The service
|
|
alias defines what TCP, UDP, and ICMP criteria you want to select. You select
|
|
the source and destination port that you want to use. <div class="remember"><span class="remembertitle">Remember:</span> You <em>must</em> define
|
|
addresses if you plan to use NAT. NAT rules can only point to a defined address.</div>
|
|
</div>
|
|
<p>For
|
|
instructions on how to define addresses, service aliases, and ICMP services,
|
|
use the Packet Rules Editor online help.</p>
|
|
</div>
|
|
<div class="example"><h4 class="sectiontitle">Next topic</h4><p>If you plan to use network addresses
|
|
translation, go to <a href="rzajbrzajb8bcreatingnatrulessd.htm">Create NAT rules</a>.
|
|
Otherwise, go to <a href="rzajbrzajb8a0creatingsd.htm">Create IP filter rules</a> to filter
|
|
IP traffic coming into and going out of your network.</p>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajbx1creatingnewrulessd.htm" title="Read the checklist that contains an overview of the tasks you must complete to ensure that your rules work properly when activated.">Configure packet rules</a></div>
|
|
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzajbrzajb8accessingsd.htm" title="Use the Packet Rules Editor to start creating packet rules on your system.">Access packet rules</a></div>
|
|
<div class="nextlink"><strong>Next topic:</strong> <a href="rzajbrzajb8bcreatingnatrulessd.htm" title="To use network address translation (NAT), you must define nicknames for the IP addresses you intend to use.">Create NAT rules</a></div>
|
|
</div>
|
|
<div class="reltasks"><strong>Related tasks</strong><br />
|
|
<div><a href="rzajbrzajb89commentssd.htm" title="Adding comments about your rules files is a way to record how you intend your rules to work.">Add comments in the packet rules</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |