BRA-VO!!

Given the only previously existing command was RMVTCPTBL and the description a very clear 'Remove TCP Table', I would never have guessed this new command would not include TCP or TBL. I would also expect the text to include either Table or TCP. Further, the action here is LOD (Load) rather than ADD, which would be implied by the RMV (Remove).

Given that we've identified it, though, SAVE IT FOR THE ARCHIVES!

Yes, the creation of the .i3p file is known, and while initially 'dark and scary', the net of it is: build the basic thing and then automate adding the bits needed; that much is actually simple.

THANK YOU Chuck for your persistent searching!!

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 10/7/2016 9:50 PM, CRPence wrote:
On 07-Oct-2016 09:08 -0500, DrFranken wrote:
There is a RMVTCPTBL command. It lets you 'undo' any packet filters.

There is no ADDTCPTBL or ACTTCPTBL or other command I can find to
activate a set of rules.

[…]

The list archives have a note that Bruce Vining was potentially going
to create such a thing but there was no followup noted.

Any ideas how one could activate a packet filter rule set via a
program??

Way too much searching before I found a command interface related to
the topic, but from this web search
(https://www.google.com/search?q=activate+IP+filtering+rules+%22i3p%22),
I found the following article that may be of some interest.

Not sure *how* I ended up *missing* the "Load/Unload IP Filter" option
from the IBM i 7.3 "Filter Commands" MENU after typing GO CMDFTR, but I
did. That would have been a much less convoluted path :-) The VPN stuff
is included in the quoted text per the "title" of the article not
including any note of IP Filtering PacketRules, and that the example
command invocation specifies Include VPN Rules (INCVPN), but is
apparently specifically *activating* the IP Filtering as the base-action
of that command -- the mnemonics imply a *load* anyhow. Perhaps the
omission from the title was purposeful, because there is no conspicuous
indication that there is anything _new_ outside of iNav that is there to
help create the .i3p file. But if such a file already exists, or how to
create one is already known, then:

["IBM i 7.1 and 7.2 VPN Enhancements"|Oct-2014|by Ashley Good]
(http://www.ibmsystemsmag.com/ibmi/administrator/networks/i71-i72-vpn-enhancements/)

"…
Filter Rules and VPN Commands

Four new commands are provided in IBM i 7.2 to assist clients with VPN
configuration and management actions previously only possible through
Navigator.

The Load/Unload IP Filter (LODIPFTR) command is used to load and unload
Internet protocol (IP) filter rules. LODIPFTR gives the user the option
to include the VPN rules with the INCVPN(*YES) parameter. The VPN rules
included in the load or unload are the rules that reside in
/QIBM/UserData/OS400/TCPIP/OPNAVRULES/VPNPOLICYFILTERS.I3P and are
generated by Navigator.

This example shows the command to load filter rules on all interfaces,
including VPN rules:

LODIPFTR OPTION(*LOAD) LIND(*ALL)
STMF('/QIBM/UserData/OS400/TCPIP/PacketRules/test.i3p')
INCVPN(*YES)

The Copy VPN Configuration File (CPYVPNCFGF) command provides new
functionality to import, export or validate all VPN configurations on a
system. When used to import, all of the current VPN connections on the
system, except the IBM Universal Connection Wizard (UCW) connections
QVPN01IBM1 and QVPN01IBM2, are deleted and replaced with the imported
configuration. It cannot be used to import or export individual
connections. Importing the VPN configuration file with CPYVPNCFGF does
not import the filter rules. The filter rules need to be re-created to
be used with the imported connections.
…"

So apparently still quite dependent upon iNav, but, I infer that the
file /QIBM/ProdData/OS400/TCPIP/PacketRules/Template4PacketRules.tcpipml
created with the XML that the wizard(s) generate [or generated by
another means] will be converted into the .i3p file by the so-called
"Filter Rule Activate API" from the text of APAR SE29067 -- so if you
can find out what objects shipped with either of the following PTFs,
maybe that will reveal the so-called "API"?:
v5r3m0 R530 SI27713 cNone
v5r4m0 R540 SI27703 c7282540

FWiW, I did not look to see if there is an updated version of the
following document that might include reference to the above Load/Unload
IP Filter (LODIPFTR) command, but the following document will show
something about the Stream Files and locations [and ownership\authority]
requirements, among other things;
[Networking IP filtering and network address translation]
(https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_72/rzajb/rzajbpdf.pdf)



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].