You are here:

Create Socket Rule panel

The Create Socket Rule panel allows you to create a new Socket Rule.

WARNING: Misuse of Socket Rules can render your system unreachable via TCP. Exercise extreme caution when using this feature. Consider adding Socket Rules as not active and testing them using the Socket Rule test feature, and setting them to be not used by that feature and testing the rule set before removing them. If you render your system unreachable via TCP, you will need to access the system via the console in order to fix the rules (or to deactivate the Socket Rule servers).

How to get there

On the Work with Socket Rules panel, choose option 1, 2, or 3. Then press F6.

Field Descriptions

System

System indicates the target of any operations you perform. When you add rules, for example, those rules will be sent to, and will affect processing on, the System named.

Server

A Server in Network Security is a controlled entry point into your system. These entry points are determined and defined by IBM. Network Security has assigned easy-to-remember names to these controlled entry points.

Function

A Function, or Server Function, in Network Security represents a class of operations that a given Server may perform. For example, the *SIGNON Server classifies its operations as those pertaining to changing passwords, generating authentication tokens, and retrieving signon information. Network Security has assigned easy-to-remember names to these Functions, such as CHGPWD, GENAUTTKN and RETRIEVE.

Sequence

The sequence number of a Socket Rule determines the order in which it will be evaluated by the exit program, with the lowest sequence number being evaluated first. Socket Rules are evaluated until a match is found.

Description

The Socket Rule description is a short textual description of the Socket Rule. It is typically used to indicate the purpose of the Socket Rule.

Authority

Authority represents the action to be taken when a rule is found that matches the data present on a transaction.

The valid values are:

Y Network Security will allow requests when this rule is enforced.

N Network Security will reject requests when this rule is enforced.

* Uses the value found in the rule above this one in the rule hierarchy when this rule is enforced.

The value * will cause the rule to inherit the value from the default Socket Rule (sequence number 99999). This default rule may not be set to the value *.

Audit

The Audit transactions flag controls the logging of transactions to the Log Journal set up on the Work with Network Security System Values panel.

The valid values are:

* Uses the value found in the rule above this one in the rule hierarchy.

Y Logs all requests when this rule is enforced.

N Logs only access failures (rejects) for this rule.

The value * will cause the rule to inherit the value from the default Socket Rule (sequence number 99999). This default rule may not be set to the value *.

Message

The Send messages flag controls the sending of messages to the Log Message Queue set up on the Work with Network Security System Values panel.

The valid values are:

* Uses the value found in the rule above this one in the rule hierarchy.

Y Sends a message when this rule is enforced.

N Does not send a message when this rule is enforced.

The value * will cause the rule to inherit the value from the default Socket Rule (sequence number 99999). This default rule may not be set to the value *.

Capture

The Capture transactions flag controls whether transactions are remembered in Network Security. Unlike some other rule types, a captured Socket Rule cannot be memorized.

The valid values are:

* Uses the value found in the rule above this one in the rule hierarchy.

Y Captures the transaction when this rule is enforced.

N Does not capture the transaction when this rule is enforced.

The value * will cause the rule to inherit the value from the default Socket Rule (sequence number 99999). This default rule may not be set to the value *.

Active

The Socket Rule Active flag determines whether the rule will be evaluated by the exit point program.

It can be useful to initially set a Socket Rule as not active in order to test it without enforcing it.

The valid values are:

Y Network Security will evaluate the rule.

N Network Security will not evaluate the rule.

The value N is not allowed for the default Socket Rule (sequence number 99999).

Test

The Socket Rule Test flag determines whether the rule will be evaluated by the Socket Rule test facility.

It can be useful to flag a rule to not be tested in order to verify the effects of removing that rule.

The value N is not allowed for the default Socket Rule (sequence number 99999).

The valid values are:

Y The Socket Rule test facility will evaluate the rule.

N The Socket Rule test facility will not evaluate the rule.

Command Keys

F3 (Exit): Exit the panel without processing any pending changes.

F12 (Cancel): Exit the panel without processing any pending changes.

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
7.15 | 201709140431