Deny and Allow Rules

The TCP/IP Security rules file contains a set of allow and deny rules. A deny rule specifies a set of access attributes; an access request that matches all of them is denied. An allow rule likewise specifies a set of access attributes; an access request that matches all of them is permitted. A network packet that does not match any rule in the TCP/IP Security rules file is denied by default, so an empty or incomplete rules file blocks traffic rather than passing it.

Deny and allow rules contain the following attributes:

Local and remote port ranges (TCP and UDP)

This attribute specifies the port number or port number range to which this rule applies. ICMP traffic can also be specified by using port 0 (zero).

Local and remote IP address ranges

This attribute specifies the network source and destination. IPv4 and IPv6 are both supported, but must be placed in separate rules, since the source and destination of a single IP packet are either both v4 or both v6, and a rule written for one version never matches a packet of the other. The attribute may include a prefix length to denote a range of IP addresses.

Usercode

This attribute allows the security administrator to control which usercode can access the network. For example, a rule containing a usercode could permit that usercode to execute a server program and wait for incoming requests. The usercode in a rule controls only which programs may communicate over the network; the TCP/IP Security software does not inspect outgoing or incoming traffic for usercodes carried as application data. If an HTTP or FTP request carries a usercode in its payload, TCP/IP Security does not validate it, and access control for that usercode is the application's responsibility. You can include only one usercode per rule.

Code file names

This attribute specifies which code files can access the network. Do not include a usercode with the code file name; the usercode is a separate attribute.

Time of day

This attribute specifies the time of day during which the rule applies.

Day of week

This attribute specifies the day of the week on which the rule applies.

Application authorization (TCP/IP service authorized)

This attribute specifies that an application must be marked with “SERVICE = TCPIP” to use the specified TCP or UDP port.

TCP direction

This attribute specifies whether the rule applies to Active (outgoing) connections, where the local side initiates the TCP connection, or Passive (incoming) connections, where the local side listens and accepts it.

Transport protocols

This attribute specifies whether the protocol is TCP, UDP, or both.
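The following Python model illustrates how the attributes above combine into a decision. It is an added example and is not Unisys code or the syntax of the TCP/IP Security rules file; rule and request fields, the order in which deny rules are checked before allow rules, and the treatment of ICMP as port 0 under a "both" rule are assumptions made here, and the rule set and requests are constructed for the demonstration. What it does show faithfully is the page's stated behaviour: every attribute of a rule must match, IPv4 and IPv6 never match across versions, and a request that matches no rule is denied.

```python
"""Illustrative model of allow/deny rule evaluation (not the Unisys implementation)."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

ICMP_PORT = 0  # ICMP traffic is selected with port 0 (per the attribute description)


@dataclass
class Rule:
    action: str                                # "allow" or "deny"
    protocol: str = "both"                     # "tcp", "udp" or "both"
    direction: Optional[str] = None            # "active" / "passive"; None = either
    local_ports: Tuple[int, int] = (0, 65535)  # inclusive range
    remote_ports: Tuple[int, int] = (0, 65535)
    local_net: str = "0.0.0.0/0"               # prefix notation; v4 and v6 need separate rules
    remote_net: str = "0.0.0.0/0"
    usercode: Optional[str] = None             # at most one usercode per rule
    codefile: Optional[str] = None
    days: Optional[Set[int]] = None            # 0 = Monday ... 6 = Sunday; None = any day
    hours: Optional[Tuple[time, time]] = None  # inclusive window; None = any time
    service_tcpip: bool = False                # require the application be marked SERVICE = TCPIP


@dataclass
class Request:
    protocol: str        # "tcp", "udp" or "icmp"
    direction: str       # "active" (outgoing) or "passive" (incoming)
    local_port: int
    remote_port: int
    local_addr: str
    remote_addr: str
    usercode: str
    codefile: str
    when: datetime
    service_tcpip: bool = False


def _in_range(value: int, rng: Tuple[int, int]) -> bool:
    return rng[0] <= value <= rng[1]


def matches(rule: Rule, req: Request) -> bool:
    """True only if every attribute of the rule is satisfied by the request."""
    lnet, rnet = ip_network(rule.local_net), ip_network(rule.remote_net)
    la, ra = ip_address(req.local_addr), ip_address(req.remote_addr)
    if la.version != lnet.version or ra.version != rnet.version:
        return False  # an IPv4 rule never matches an IPv6 packet, and vice versa
    if la not in lnet or ra not in rnet:
        return False
    if req.protocol == "icmp":
        # Assumption of this model: ICMP is port 0 and is covered only by "both" rules.
        if rule.protocol != "both" or req.local_port != ICMP_PORT:
            return False
    elif rule.protocol != "both" and rule.protocol != req.protocol:
        return False
    if not _in_range(req.local_port, rule.local_ports):
        return False
    if not _in_range(req.remote_port, rule.remote_ports):
        return False
    if rule.direction is not None and rule.direction != req.direction:
        return False
    if rule.usercode is not None and rule.usercode != req.usercode:
        return False
    if rule.codefile is not None and rule.codefile != req.codefile:
        return False
    if rule.days is not None and req.when.weekday() not in rule.days:
        return False
    if rule.hours is not None and not (rule.hours[0] <= req.when.time() <= rule.hours[1]):
        return False
    if rule.service_tcpip and not req.service_tcpip:
        return False
    return True


def evaluate(rules: List[Rule], req: Request) -> str:
    """Assumed precedence: any matching deny wins, then any matching allow; else default deny."""
    if any(r.action == "deny" and matches(r, req) for r in rules):
        return "deny"
    if any(r.action == "allow" and matches(r, req) for r in rules):
        return "allow"
    return "deny"  # no rule matched: denied by default


# Constructed sample rule set: block one remote prefix outright, and allow an inbound
# web server for a single usercode during business hours on weekdays.
RULES = [
    Rule("deny", remote_net="10.0.0.0/8"),
    Rule("allow", protocol="tcp", direction="passive", local_ports=(80, 80),
         usercode="WEBSERVER", days={0, 1, 2, 3, 4},
         hours=(time(8, 0), time(18, 0)), service_tcpip=True),
]


def sample_request(**overrides) -> Request:
    """Constructed inbound HTTP request (Wednesday 10:30); keyword overrides vary it."""
    fields = dict(protocol="tcp", direction="passive", local_port=80, remote_port=51000,
                  local_addr="192.0.2.10", remote_addr="198.51.100.7",
                  usercode="WEBSERVER", codefile="OBJECT/WEBSERVER",
                  when="2024-01-10T10:30", service_tcpip=True)
    fields.update(overrides)
    fields["when"] = datetime.fromisoformat(fields["when"])
    return Request(**fields)


if __name__ == "__main__":
    print(evaluate(RULES, sample_request()))                           # allow
    print(evaluate(RULES, sample_request(remote_addr="10.1.2.3")))     # deny (deny rule)
    print(evaluate(RULES, sample_request(when="2024-01-13T10:30")))    # deny (Saturday, no match)
```

The two deny outcomes above arise differently: the first because a deny rule matched, the second because nothing matched at all. Both end in the same result, which is the point of the default-deny behaviour described on this page.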