Scenario: Creating filter rules to allow HTTP, Telnet, and FTP traffic

 

In this scenario, your company uses IP filtering to restrict the IP traffic that can access its Web server to only HTTP, Telnet, and File Transfer Protocol (FTP) traffic.

 

Situation

You want to provide Web applications to your customers, but your current firewall is working at capacity and you do not want to add more traffic to it. Your colleague suggests running the applications outside the firewall. However, you want only HTTP, FTP, and Telnet traffic to have access to your System i™ Web server from the Internet. What should you do?

 

Solution

IP filtering enables you to set rules that define what information can flow through your Web server. In this scenario, you can write filter rules that permit HTTP, FTP, and Telnet traffic (inbound and outbound). The public address of the server is 192.54.5.1, and the private IP address is 10.1.2.3.

 

Configuration

To configure the packet rules described in this scenario, use the Permit A Service wizard in iSeries™ Navigator. The wizard requires the following information:

To use the Permit A Service wizard, follow these steps:

  1. In iSeries Navigator, select your system > Network > IP Policies.

  2. Right-click Packet Rules, and select Rules Editor.

  3. From the Welcome Packet Rules Configuration dialog, select Create a new packet rules file, and click OK.

  4. From the Wizards menu, select Permit A Service, and follow the wizard's instructions to create the filter rules.

These packet rules permit HTTP traffic into and out of the system. The packet rules look like the following example.

Use the Permit A Service wizard two more times to create filter rules that permit FTP traffic and Telnet traffic into and out of the system.

After you finish creating these filter rules, verify them to ensure that they can be activated without errors.
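The following Python model is an added example, not output from the Permit A Service wizard or IBM code. It shows how a set of paired inbound and outbound permit rules for the public address 192.54.5.1 treats sample packets. It assumes the well-known TCP ports (80, 20/21, 23), stateless first-match evaluation, and a default deny for unmatched traffic; the client address and packets are constructed.

```python
from ipaddress import ip_address
from typing import NamedTuple

SERVER = ip_address("192.54.5.1")  # public address from the scenario
# Assumed well-known TCP ports; the page does not list the ports the wizard uses.
SERVICES = {"HTTP": (80,), "FTP": (20, 21), "TELNET": (23,)}

class Packet(NamedTuple):
    direction: str  # "INBOUND" or "OUTBOUND", relative to the server
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "TCP"

def build_rules(services=SERVICES):
    """One INBOUND and one OUTBOUND permit per service port (stateless pairs)."""
    return [(name, direction, port)
            for name, ports in services.items()
            for port in ports
            for direction in ("INBOUND", "OUTBOUND")]

def evaluate(pkt, rules):
    """Return PERMIT:<service> for the first matching rule, otherwise DENY."""
    if pkt.proto != "TCP":
        return "DENY"
    for name, direction, port in rules:
        if direction == "INBOUND" == pkt.direction:
            hit = ip_address(pkt.dst) == SERVER and pkt.dport == port
        elif direction == "OUTBOUND" == pkt.direction:
            hit = ip_address(pkt.src) == SERVER and pkt.sport == port
        else:
            hit = False
        if hit:
            return f"PERMIT:{name}"
    return "DENY"  # assumed default: anything not explicitly permitted is dropped

RULES = build_rules()
# Constructed sample packets; 203.0.113.7 is a documentation-range client address.
SAMPLES = [
    Packet("INBOUND", "203.0.113.7", 51000, "192.54.5.1", 80),     # HTTP request
    Packet("OUTBOUND", "192.54.5.1", 80, "203.0.113.7", 51000),    # HTTP reply
    Packet("INBOUND", "203.0.113.7", 51001, "192.54.5.1", 23),     # Telnet
    Packet("INBOUND", "203.0.113.7", 51002, "192.54.5.1", 22),     # SSH, not permitted
    Packet("INBOUND", "203.0.113.7", 51003, "192.54.5.1", 50123),  # passive FTP data
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(evaluate(pkt, RULES), pkt)
```

The last sample shows a case worth testing after activation: a passive-mode FTP data connection uses a server-chosen high port, which port-based rules for 20 and 21 alone do not match.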

 
