Socket Rules
Socket rules are used to control access to the Listen, Accept, and Connect socket exit points.
WARNING: Misuse of Socket Rules can render your system unreachable via TCP. Exercise extreme caution when using this feature. Consider adding Socket Rules as not active and testing them using the Socket Rule test feature. Before removing Socket Rules, consider setting them to be not used by that feature and testing the rule set. If you render your system unreachable via TCP, you will need to access the system via the console in order to fix the rules (or to deactivate the Socket Rule servers).
User Exit Point | Description |
---|---|
QIBM_QSO_ACCEPT | Enables a custom exit program to allow or deny incoming connections based on the restrictions set by the programs. |
QIBM_QSO_CONNECT | Enables a custom exit program to allow or deny outgoing connections based on the restrictions set by the programs. |
QIBM_QSO_LISTEN | Enables a custom exit program to allow or deny a socket the ability to listen for connections based on the restrictions set by the programs. |

- To add a socket rule, on the Socket Rules screen, choose Add.
- Enter a name for the rule.
- For Server > Function, click Select. Choose the exit point you want to secure.
- Configure the following:
  - Authority: Choose Yes to allow requests and No to reject requests.
  - Audit: Choose Yes to log all requests, No to only log authority failures, and Inherit to use the value specified in Product Configuration.
  - Message: Choose Yes to send a message to the Network Security message queue, or No to not send a message. Choose Inherit to use the value specified in Product Configuration.
  - Capture: Choose Yes to capture transactions, or No to not capture transactions. Choose Inherit to use the value specified in Product Configuration.
  - Active: Choose Yes if you want the rule evaluated by the exit point program, or No if you do not want it evaluated. It can be useful to initially set a Socket Rule as not active in order to test it without enforcing it.
  - Test: Choose Yes to indicate you want the rule evaluated by the Socket Rule test facility, or No to indicate you do not want it tested.
- In the 'Sequence' section, click and drag the rule into the desired order. The list shows the sequence used to determine the order in which the socket rules will be evaluated.
- To define conditions, in the 'Conditions' section, click Add. Define conditions for the socket rule. For details, see Conditions.