Packet rules concepts
Packet rules comprise both network address translation (NAT) rules and IP filtering rules. Both types of rules run at the IP layer of the TCP/IP stack and help protect your system against potential risks that are commonly associated with TCP/IP traffic.
To better understand how packet rules work, you need to be familiar with the following concepts and how they apply to your system:
- Packet rules versus other i5/OS® security solutions
- NAT
- Packet rules terminology
Here are useful terms related to packet rules.
- Packet rules versus other i5/OS security solutions
In high-risk situations, such as securing a production system or securing communications between your System i™ platform and other systems in a network, you might need to investigate other security solutions to broaden your protection.
- Network address translation
Network address translation (NAT) enables you to access the Internet safely without having to change your private network IP addresses.
- IP filtering
The IP filtering component of packet rules enables you to control what IP traffic you want to allow into and out of your company's network.
- Organizing NAT rules with IP filter rules
While network address translation (NAT) and IP filtering work independently of each other, you can use NAT in conjunction with IP filtering.
- Organizing multiple IP filter rules
When you create a filter rule, you create a single rule statement. A group of filter rules is called a set. The filters within a set are processed top to bottom, in physical order. Multiple sets are processed in physical order within a FILTER_INTERFACE statement.
- Spoof protection
Spoofing occurs when someone attempts to access your system by pretending to be within a system that you normally trust within your own network. You need to protect any interfaces that are linked to a public network from this type of attack.