Socket Rules
Socket rules are used to control access to the Listen, Accept, and Connect socket exit points.
WARNING: Misuse of Socket Rules can render your system unreachable via TCP. Exercise extreme caution when using this feature. Consider adding new Socket Rules as not active and testing them with the Socket Rule test feature; similarly, before removing a rule, set it to be not used by that feature and test the resulting rule set. If you do render your system unreachable via TCP, you will need to access the system via the console in order to fix the rules (or to deactivate the Socket Rule servers).
| Exit point | Description |
|---|---|
| QIBM_QSO_ACCEPT | Enables a custom exit program to allow or deny incoming connections based on the restrictions set by the programs. |
| QIBM_QSO_CONNECT | Enables a custom exit program to allow or deny outgoing connections based on the restrictions set by the programs. |
| QIBM_QSO_LISTEN | Enables a custom exit program to allow or deny a socket the ability to listen for connections based on the restrictions set by the programs. |
Adding socket rules
The Work with Socket Rules panel lets you select the servers to which you want to add or maintain user authority rules.
- From the Main Menu, select option 20 to display the Work with Socket Rules panel.
- Choose 1 (Listen), 2 (Connect), or 3 (Accept), depending on the socket exit point server you want to manage. The Work with Socket Rules panel appears.
- Press F6 to create a new Socket Rule. The Create Socket Rule panel appears.
- Enter the following details:
  - Sequence: The sequence number of a Socket Rule determines the order in which the exit program evaluates it, with the lowest sequence number evaluated first. Socket Rules are evaluated until a match is found.
  - Description: Enter a short, textual description of the Socket Rule.
  - Authority: Enter Y to allow requests and N to reject requests.
  - Audit: Enter Y to log all requests, N to log only authority failures, and * to use the value specified in Work with Security by Server.
  - Message: Enter Y to send a message to the Network Security message queue, or N to not send a message. Enter * to use the value specified in Work with Security by Server.
  - Capture: Enter Y to capture transactions, or N to not capture transactions. Enter * to use the value specified in Work with Security by Server.
  - Active: Enter Y if you want the rule evaluated by the exit point program, or N if you do not want it evaluated. It can be useful to initially set a Socket Rule as not active in order to test it without enforcing it.
  - Test: Enter Y to indicate you want the rule evaluated by the Socket Rule test facility, or N to indicate you do not want it tested.
- Press Enter to create the Socket Rule.
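The following is an added example, not the product's exit program or any code from this documentation. It models the evaluation semantics the fields above describe: rules are tried in ascending Sequence order, evaluation stops at the first match, Active controls whether the exit program sees a rule while Test controls whether the test facility sees it, and `*` for Audit, Message and Capture defers to the Work with Security by Server value. Two things are assumptions because the page does not state them: the attributes a rule matches on (here a remote address range and a local port, both hypothetical) and the outcome when no rule matches (here a configurable default).

```python
"""Model of Socket Rule evaluation (added illustration, not product code).

Assumptions not taken from the documentation:
  * a rule matches on remote address range and local port (hypothetical criteria);
  * the outcome when no rule matches is the `default_authority` parameter.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class SocketRule:
    sequence: int
    description: str
    authority: str          # 'Y' allow, 'N' reject
    audit: str = '*'        # 'Y' log all, 'N' log authority failures only, '*' server value
    message: str = '*'      # 'Y' / 'N' / '*'
    capture: str = '*'      # 'Y' / 'N' / '*'
    active: str = 'Y'       # evaluated by the exit program?
    test: str = 'N'         # evaluated by the Socket Rule test facility?
    remote_net: str = '0.0.0.0/0'   # assumed match criterion (hypothetical)
    local_port: Optional[int] = None  # assumed match criterion (hypothetical)

    def matches(self, remote_ip: str, port: int) -> bool:
        if ip_address(remote_ip) not in ip_network(self.remote_net):
            return False
        return self.local_port is None or self.local_port == port


@dataclass
class ServerDefaults:
    """Values from Work with Security by Server that '*' resolves to."""
    audit: str = 'N'
    message: str = 'N'
    capture: str = 'N'


@dataclass
class Decision:
    allowed: bool
    matched: Optional[str]      # description of the matching rule, None if none matched
    log_request: bool
    send_message: bool
    capture_transaction: bool


def resolve(value: str, server_value: str) -> str:
    """'*' means "use the Work with Security by Server setting"."""
    return server_value if value == '*' else value


def evaluate(rules: List[SocketRule], remote_ip: str, port: int,
             defaults: ServerDefaults, mode: str = 'enforce',
             default_authority: str = 'Y') -> Decision:
    """Decide one Accept/Connect/Listen request against a rule set.

    mode='enforce' sees only Active=Y rules (the exit program's view);
    mode='test' sees only Test=Y rules (the test facility's view).
    """
    flag = 'active' if mode == 'enforce' else 'test'
    # Lowest sequence number first; stop at the first matching rule.
    for rule in sorted(rules, key=lambda r: r.sequence):
        if getattr(rule, flag) != 'Y':
            continue
        if rule.matches(remote_ip, port):
            allowed = rule.authority == 'Y'
            audit = resolve(rule.audit, defaults.audit)
            return Decision(
                allowed=allowed,
                matched=rule.description,
                # Audit 'Y' logs every request; 'N' logs only authority failures.
                log_request=(audit == 'Y') or not allowed,
                send_message=resolve(rule.message, defaults.message) == 'Y',
                capture_transaction=resolve(rule.capture, defaults.capture) == 'Y',
            )
    # No rule matched: apply the assumed default and the server-level settings.
    allowed = default_authority == 'Y'
    return Decision(allowed, None, (defaults.audit == 'Y') or not allowed,
                    defaults.message == 'Y', defaults.capture == 'Y')


# Constructed sample rule set for the Accept exit point (not real configuration).
SAMPLE_RULES = [
    SocketRule(30, "Reject everything else on 23", 'N', local_port=23, audit='Y', message='Y'),
    SocketRule(10, "Allow admin subnet to telnet", 'Y', remote_net='10.1.0.0/16', local_port=23),
    # Candidate rule still being tested: not enforced, but seen by the test facility.
    SocketRule(20, "Block 10.1.5.0/24 (under test)", 'N', remote_net='10.1.5.0/24',
               active='N', test='Y'),
]
DEFAULTS = ServerDefaults(audit='N', message='N', capture='N')

if __name__ == '__main__':
    for ip in ('10.1.5.7', '192.0.2.9'):
        print(ip, 'enforce ->', evaluate(SAMPLE_RULES, ip, 23, DEFAULTS))
        print(ip, 'test    ->', evaluate(SAMPLE_RULES, ip, 23, DEFAULTS, mode='test'))
```

Running the sample shows why the Active/Test split matters: the inactive sequence-20 rule has no effect on the enforced decision for 10.1.5.7 (sequence 10 allows it), but the test facility, which considers only Test=Y rules, reports that the candidate rule would reject it once activated.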