Tuesday, January 18, 2005

Wouldn't it be nice to have an AS/400 function that allows you to block unwanted IP data traffic right at the communications interface into your iSeries server?

eServer Magazine:
"Wouldn't it be nice to have a function that allows you to block unwanted IP data traffic right at the communications interface into your iSeries server? There is a service that offers a way of defining what type of IP traffic can enter or leave your server through one or more physical interfaces.

IP Packet Rules
In OS/400*, this service, called IP packet rules, allows you to establish a gatekeeper for your intranet traffic as well as a second line of defense for traffic to and from the Internet. IP packet rules were introduced with V4R3, and then greatly enhanced with V5R2. IP packet filtering technology is inserted at a low level in the IP protocol stack (network layer) to examine the first few bytes of each packet, which is called the packet header. Using the information from the IP packet header, the packet filter determines whether it should allow the packet through or discard it. Most packet filters let you filter on:
Source and destination IP address
Protocols (TCP, UDP, ICMP, etc.)
Source and destination ports
Whether the packet is inbound or outbound

With V5R2, you can filter on any LAN interface, virtual LAN (LPAR and Windows* integration) and Point-to-Point (PPP) or Layer 2 Tunneling Protocol (L2TP) interfaces. For PPP and L2TP interfaces, you can apply different sets of filters based on authenticated users. Successfully setting up IP packet rules requires a good understanding of IP networking. A typical implementation involves planning, configuration and activation."
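
The header-based decision the article describes, as an added Python example that is not from the article and is not OS/400 rule syntax: it reads the first bytes of an IPv4 packet and matches them against rules on direction, protocol, addresses and destination port. The `Rule` class, its field names, the first-match order and the deny-by-default fallback are assumptions of this model, and the sample packet is constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

@dataclass
class Rule:  # hypothetical rule model, not OS/400 rule syntax
    action: str         # "PERMIT" or "DENY"
    direction: str      # "INBOUND", "OUTBOUND" or "*"
    protocol: str       # "TCP", "UDP", "ICMP" or "*"
    src: str            # source network in CIDR form
    dst: str            # destination network in CIDR form
    dst_port: int = 0   # 0 matches any port

def parse_header(packet):
    """Read the IPv4 header and, for TCP/UDP, the destination port."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = PROTOCOLS.get(packet[9], str(packet[9]))
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    h = {"protocol": proto, "src": ipaddress.ip_address(packet[12:16]),
         "dst": ipaddress.ip_address(packet[16:20]), "dst_port": None}
    # Only the first fragment carries the TCP/UDP header, so later
    # fragments have no port and cannot match a port-specific rule.
    if proto in ("TCP", "UDP") and frag_offset == 0:
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        h["dst_port"] = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return h

def decide(rules, packet, direction):
    """First matching rule wins; unmatched or malformed packets are denied."""
    try:
        h = parse_header(packet)
    except ValueError:
        return "DENY"
    for r in rules:
        if (r.direction in ("*", direction) and r.protocol in ("*", h["protocol"])
                and h["src"] in ipaddress.ip_network(r.src)
                and h["dst"] in ipaddress.ip_network(r.dst)
                and r.dst_port in (0, h["dst_port"])):
            return r.action
    return "DENY"

# Constructed sample: IPv4 + TCP ports, 192.0.2.7:40000 -> 10.1.1.5:443
SAMPLE = struct.pack("!BBHHHBBH4s4sHH", 0x45, 0, 24, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 7]), bytes([10, 1, 1, 5]), 40000, 443)
RULES = [Rule("PERMIT", "INBOUND", "TCP", "0.0.0.0/0", "10.1.1.5/32", 443)]
```
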
