General Information on Socks Templates

Socks Templates are rules that control security through the Socks server. The Socks Templates function allows you to customize, add to, copy, or delete existing Socks Templates. These Socks Templates, in turn, can be used in the definitions of Connections on the Firewall.

The figure below illustrates how Socks Templates can become a part of connection configurations.

Further Information

Configuring the Socks Server
Controlling Traffic Through the Firewall
Example of Socks

Template Name

Enter the name of the Socks entry. This name must be unique and should not contain a pipe symbol (|), a single quote (or apostrophe) character (') or a double quote (") character, as these are used as SMIT/smitty and file delimiters. Use of these characters will result in unreliable data.

Description

This field is optional and is provided in case you want to provide a comment or additional information about this item.

Action (Socks)

Choose either Permit or Deny to either permit or deny access from a source to a destination. When a datagram comes into the Socks server, it compares the datagram specifications to each rule in the configuration file starting with the first rule until it finds a rule that matches exactly. Then it stops searching and performs the relevant action (either permit or deny access) on that rule. If no match is found, access is denied automatically.

Ident Verification

In the Employ ident verification field, you can enter data that will be used to validate a user.

None  Use the identification option selected in the sockd entry in
      /etc/rc.tcpip, if any is specified.

?=I   The identd must be used to verify the user's identity. Access
      is denied if the connection to the client's identd fails or if
      the result does not match the user ID reported by the client
      program.

?=i   Verification must be used. Access is denied if the identd
      result does not match the user ID reported by the client
      program.

?=n   Do not use the identd program. This overrides the setting on
      the sockd entry in /etc/rc.tcpip.

User List (Socks)

In the User List field, you can enter a user ID, a list of user IDs, a file name, or a list of file names. If you enter a list, separate the entries with commas. File names must be fully qualified (including the leading "/"). Do NOT use spaces, tabs, the pipe symbol (|) or double quotes (") in the user list.

 - The user list is limited to 396 characters.

 - User IDs must be IDs of users on the requesting host, not those on
   the destination host or the Socks server host.

 - A user ID can consist of 1 to 8 characters, including
     a through z
     A through Z
     0 through 9
     _ (underscore)

 - A user ID should not contain the following characters
     pipe symbol (|)
     double quote character (")

 - If file names are used, they must be fully qualified (with the
   leading "/" to prevent their being interpreted as user IDs). Each
   file can contain a list of user IDs, with one or more per line,
   separated by commas, and optionally including a comment that is
   delimited with the # character. Full comment lines (those that
   begin with the # character) are also supported. Each line in the
   file can be up to 1023 characters long and must be terminated by
   a "newline" character.

Note: When SMIT constructs a rule consisting of user list data obtained from this field, it will accept an arbitrary number of blank characters or a comma as entry delimiters and will build a userlist entry consisting of a contiguous string of entries, separated by commas. This is done at rule creation time, NOT rule evaluation time. Do NOT rely on this behavior if you manually edit the configuration file and change the contents of a userlist. A rule created or changed manually to include embedded spaces (or tabs) will cause that rule to be rejected as invalid.

Operation (Socks)

In the Operation field, enter a logical operator code that represents the logical operation to be performed on the port number:

When used with Port Number, the operator establishes a relationship that must be met. For example, if you enter "Greater than" and Port Number 23, then the port number must be greater than 23 for the rule to be invoked.


Port # (Socks)

In the Port Number field, enter the number of a port. The Port Number is used with the Operation field to establish a relationship that must be met. For example, if you enter "Greater than" in the Operation field and Port Number 23, then the port number must be greater than 23 for the rule to be invoked. If this pair is omitted, the line applies to all destination port numbers.
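The rule semantics described in the Action, User List, Operation and Port # sections (first matching rule decides, no match means deny; user lists made of IDs or fully qualified file names; the SMIT normalisation of blanks and commas described in the Note) can be modelled in a few lines. The following is an added example, not the code of sockd or SMIT: the operator codes ("eq", "gt", and so on), the file path and the file contents are constructed assumptions used only to exercise the logic.

```python
"""Model of Socks Template rule evaluation: first match wins, default deny.
Added illustration; not sockd's or SMIT's own implementation."""
import operator
import re
from dataclasses import dataclass
from typing import Optional

# Operator codes are assumptions; the page does not list the real codes.
PORT_OPS = {
    "eq": operator.eq, "neq": operator.ne,
    "lt": operator.lt, "gt": operator.gt,
    "le": operator.le, "ge": operator.ge,
}

# User IDs: 1 to 8 characters from a-z, A-Z, 0-9 and underscore.
USERID_RE = re.compile(r"[A-Za-z0-9_]{1,8}")

# Constructed stand-in for user-list files referenced by a rule (offline).
USERLIST_FILES = {
    "/etc/socks/ops.users": (
        "alice, bob   # network operations\n"
        "# whole-line comment\n"
        "carol\n"
    ),
}


def normalize_userlist_field(text):
    """What SMIT does at rule-creation time: accept blanks or commas between
    entries and store a contiguous comma-separated string. A configuration
    file edited by hand with embedded blanks would be rejected instead."""
    entries = [e for e in re.split(r"[,\s]+", text.strip()) if e]
    return ",".join(entries)


def parse_userlist_file(text):
    """One or more IDs per line, comma-separated, '#' starts a comment,
    lines limited to 1023 characters."""
    users = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if len(line) > 1023:
            raise ValueError(f"line {lineno}: longer than 1023 characters")
        for entry in line.split("#", 1)[0].split(","):
            entry = entry.strip()
            if not entry:
                continue
            if not USERID_RE.fullmatch(entry):
                raise ValueError(f"line {lineno}: invalid user ID {entry!r}")
            users.add(entry)
    return users


def resolve_userlist(field_text):
    """Expand the User List field into a set of user IDs; entries with a
    leading '/' are file names. An empty field means the rule applies
    to any user."""
    if not field_text:
        return None
    users = set()
    for entry in normalize_userlist_field(field_text).split(","):
        if entry.startswith("/"):
            users |= parse_userlist_file(USERLIST_FILES[entry])
        elif USERID_RE.fullmatch(entry):
            users.add(entry)
        else:
            raise ValueError(f"invalid user ID {entry!r}")
    return users


@dataclass
class SocksRule:
    action: str                    # "permit" or "deny"
    userlist: str = ""             # IDs and/or file names, as typed in SMIT
    port_op: Optional[str] = None  # Operation; omitted -> all destination ports
    port: Optional[int] = None     # Port #

    def matches(self, user, dst_port):
        users = resolve_userlist(self.userlist)
        if users is not None and user not in users:
            return False
        if self.port_op is None:
            return True
        return PORT_OPS[self.port_op](dst_port, self.port)


def evaluate(rules, user, dst_port):
    """Rules are checked in order; the first match decides, and a datagram
    that matches no rule is denied."""
    for rule in rules:
        if rule.matches(user, dst_port):
            return rule.action
    return "deny"


# Constructed rule set: deny guest everywhere, permit the ops file above
# port 23, permit dave on port 80 only.
RULES = [
    SocksRule("deny", userlist="guest"),
    SocksRule("permit", userlist="/etc/socks/ops.users", port_op="gt", port=23),
    SocksRule("permit", userlist="dave", port_op="eq", port=80),
]

if __name__ == "__main__":
    for user, port in [("guest", 80), ("alice", 443), ("alice", 22),
                       ("dave", 80), ("dave", 8080), ("carol", 25)]:
        print(f"{user:6} port {port:5} -> {evaluate(RULES, user, port)}")
```

Note that the "Greater than 23" rule permits alice on port 443 but not on port 22, and that dave on port 8080 reaches the end of the list and is denied by default rather than by any explicit rule; ordering a broad permit before a narrow deny would silently override the deny.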

Command

In the Command to Execute field, enter a command string to be executed when the conditions in this rule are satisfied. The following substitutions occur before the string is presented to the Bourne shell for execution:

   %A   replaced by the client host's domain name if known, by its
        IP address otherwise
   %a   replaced by the client host's IP address
   %c   replaced by connect or bind, the command sockd is asked to
        execute
   %p   replaced by the process ID of sockd
   %S   replaced by the service name (for example, ftp) if known, by
        the destination port number otherwise
   %s   replaced by the destination port number
   %U   replaced by the user ID reported by identd
   %u   replaced by the user ID reported by the client program
   %Z   replaced by the destination host's domain name if known, by
        its IP address otherwise
   %z   replaced by the destination host's IP address
   %%   replaced by a single %

You can string together several shell commands in a line with a | or ; symbol.
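Because the expanded string is handed to the shell, the substituted values matter: %A and %Z come from name resolution and %u is whatever the client program reports, so none of them is under the firewall administrator's control. The following added example (not sockd's code) implements the substitution table above with a left-to-right scan, so that %% is consumed before a following letter is looked at, and shell-quotes every substituted value with shlex.quote so that a value containing blanks or shell metacharacters is passed to the command as a single literal argument. The context dictionary keys and the sample values are constructed assumptions.

```python
"""Expansion of the Command to Execute substitutions, with each substituted
value shell-quoted. Added illustration; not sockd's own implementation."""
import shlex

# Each entry maps a substitution letter to the value it stands for.
# Context keys (client_name, client_ip, ...) are assumed names for this example.
SUBSTITUTIONS = {
    "A": lambda c: c.get("client_name") or c["client_ip"],
    "a": lambda c: c["client_ip"],
    "c": lambda c: c["command"],                      # connect or bind
    "p": lambda c: str(c["pid"]),
    "S": lambda c: c.get("service") or str(c["dst_port"]),
    "s": lambda c: str(c["dst_port"]),
    "U": lambda c: c.get("identd_user", ""),
    "u": lambda c: c["client_user"],
    "Z": lambda c: c.get("dst_name") or c["dst_ip"],
    "z": lambda c: c["dst_ip"],
}


def expand_command(template, ctx, quote=True):
    """Expand %-codes in `template` from `ctx`. Unknown codes and a trailing
    lone % are left as they are. With quote=True every substituted value is
    wrapped by shlex.quote, so names or user IDs supplied by the remote side
    cannot introduce extra shell syntax into the command line."""
    out = []
    i = 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template):
            code = template[i + 1]
            if code == "%":
                out.append("%")
                i += 2
                continue
            if code in SUBSTITUTIONS:
                value = SUBSTITUTIONS[code](ctx)
                out.append(shlex.quote(value) if quote else value)
                i += 2
                continue
        out.append(ch)
        i += 1
    return "".join(out)


# Constructed connection context; the destination has no known domain name,
# so %Z falls back to the IP address.
SAMPLE_CTX = {
    "client_name": "pc1.example.com",
    "client_ip": "192.0.2.10",
    "command": "connect",
    "pid": 4242,
    "service": "ftp",
    "dst_port": 21,
    "identd_user": "alice",
    "client_user": "alice",
    "dst_name": None,
    "dst_ip": "198.51.100.7",
}

SAMPLE_TEMPLATE = "logger -t sockd %c %u@%A to %Z:%s %S pid %p 100%%"

if __name__ == "__main__":
    print(expand_command(SAMPLE_TEMPLATE, SAMPLE_CTX))
    # A name with a blank in it is passed through as one quoted argument.
    odd = dict(SAMPLE_CTX, client_name="odd host")
    print(expand_command("logger -t sockd %A", odd))
```

Plain hostnames, IP addresses and user IDs contain only characters shlex.quote leaves untouched, so the common case reads exactly as the unquoted expansion would; only a value with a blank or a shell metacharacter gains single quotes.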

OK

Press the "OK" button to save changes and close the window.

Cancel

Press the "Cancel" button to close the window without saving any changes.