Bob,
Below is a packet rule I used to black all traffic from a specific IP
address within our network that was causing trouble, let's say
10.10.10.10. That rule worked on V5R3 and I don't know if there have
been syntax changes between releases. This was used with a single TCP/IP
interface on an ethernet line named ETHLIN.
In case the formatting gets all messed up, the filter text below is
supposed to chow three lines, each beginning with "FILTER".
USE IT AT YOUR OWN RISK and like Richard said, keep a console handy and
the command to deactivate the rules! This stuff can really knock you
dead in the water (found that out the hard way). The second line is very
important because you want to permit other traffic and if you don't,
everything will be blocked!
-Marty
===== start of filter text
FILTER SET x ACTION = DENY DIRECTION = INBOUND SRCADDR =
10.10.10.10 DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = *
JRN = OFF
FILTER SET ALL ACTION = PERMIT DIRECTION = * SRCADDR = * DSTADDR
= * PROTOCOL = * DSTPORT = * SRCPORT = * JRN = OFF
FILTER_INTERFACE LINE = ETHLIN SET = x, ALL
===== end of filter text
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[
mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Bob David
Sent: Tuesday, July 10, 2007 11:19 AM
To: MIDRANGE-L@xxxxxxxxxxxx
Subject: IP polices -> packet rules....
List,
I am planning to create a packet rule to restrict particular ip address.
Using bellow.
In iSeries? Navigator, select your server ??> Network ??> IP policies
??> Packet rules.
My question is does this require TCP service should be bring down prior
to the rule activation?
Any idea on this rules createion/modification?
Thanks
Bob
midrange.com
