SunScreen 3.1 Administration Guide

Services and Service Groups

To Add a New Single Service
  1. Type the following to add the service ftp-34, specifying its service engine, discriminator, parameters, and an optional description within quotation marks:

    You need to type "PARAMETERS 1200 1200 1" in the example below only if you do not want to use the default values. See the SunScreen Reference Manual for the default parameters for the state engines.


    edit> add service ftp-34 SINGLE FORWARD ftp PORT 34
    PARAMETERS 1200 1200 1 COMMENT "ftp-34 uses port 34 instead of port 21.
    Use ftp-34 instead of the supplied ftp service."
    

  2. Type the following to see the new service ftp-34:


    edit> list service ftp-34
    "ftp-34" SINGLE FORWARD "ftp" PORT 34 PARAMETERS 1200 1200 1  
    COMMENT "ftp-34 uses port 34 instead of port 21.
     Use ftp-34 instead  of the supplied ftp service."
    

To Add a New Service Group

Note -

Although SunScreen lets you change the default services in service groups, to make any troubleshooting easier, it is better to add a new service group that contains the services that you want.


  1. Type the following to add the service group "useful services" and an optional description within quotation marks:

    • For local administration:


      edit> add service "useful services" GROUP www archie gopher 
      COMMENT  "A new service group that is used instead of common services."
      

    The description will appear in the Service Details field that appears when you choose a service or service group for a policy rule using the Policy Rule Definition dialog window.

  2. Type the following to list the new service group "useful services":


    edit> list service "useful services"
    

To Modify Service Groups

    Add the GROUP again with the modified member list. The new version will overwrite the old version.

To Rename a Service and Service Group and Its References

Note -

SunScreen lets you rename a single service or a service group. To make troubleshooting easier, do not rename the single services and service groups that are supplied with SunScreen.


    Type the following to rename the old service or service group, and all references to it, to the new name, for example:


    edit> renamereference service "useful services" "dmz services"
    

To Rename a Service or Service Group

    Type the following to rename the old service or service group to the new name only, for example:


    edit> rename service "useful services" "dmz services"
    

    To have the changes take effect, you must activate the policy whose rules you edited.

To Delete a Service or Service Group

Note -

SunScreen lets you delete a single service or a service group. To make any troubleshooting easier, do not delete the single services and service groups that are supplied with SunScreen.


This command does not check for references to the single service or service group that you are deleting.

    Type the following to delete a service or service group, for example, to delete the service group "dmz services":


    edit> del service "dmz services"
    

    To have the changes take effect, you must activate the policy whose rules you edited.

To Check References to a Deleted Service or Service Group

To check references to the single service or service group that you want to delete or have deleted:

    Type the following to find references to the service or service group that you want to delete or have deleted, for example:


    edit> referlist service "dmz services"
    

    You see a list of all the instances where the service or service group is used. You can then remove the service or service group from each service group in which it is used, and edit each rule in which it is used to remove it.
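
Because del service does not check for references, a saved service listing can also be cross-checked offline for groups that still name a deleted member. The following Python sketch is an added example, not part of the SunScreen guide or product. It parses records in the format shown for list service ftp-34; the GROUP record layout and the names ftp-35, ftp-36 and "lab services" are assumptions constructed for illustration.

```python
import shlex

# Constructed sample of saved listing text. The first record matches the
# listing shown above; the GROUP record layout is an assumption.
SAMPLE = '''\
"ftp-34" SINGLE FORWARD "ftp" PORT 34 PARAMETERS 1200 1200 1
COMMENT "ftp-34 uses port 34 instead of port 21.
 Use ftp-34 instead of the supplied ftp service."
"ftp-35" SINGLE FORWARD "ftp" PORT 35
"useful services" GROUP "ftp-34" "ftp-35" "dmz services"
COMMENT "Constructed group; dmz services was deleted."
"lab services" GROUP "useful services" "ftp-36"
'''

def parse_services(listing):
    """Return {name: (kind, members)} parsed from saved listing text."""
    # shlex keeps a quoted COMMENT, embedded newlines included, as one token.
    toks = shlex.split(listing)
    services, i = {}, 0
    while i + 1 < len(toks):
        name, kind = toks[i], toks[i + 1]
        if kind not in ("SINGLE", "GROUP"):
            raise ValueError(f"unexpected token {kind!r} after {name!r}")
        i += 2
        body = []
        while i < len(toks):
            if toks[i] == "COMMENT":      # optional, last field of a record
                i += 2                    # skip the keyword and its text
                break
            if i + 1 < len(toks) and toks[i + 1] in ("SINGLE", "GROUP"):
                break                     # the next record starts here
            body.append(toks[i])
            i += 1
        # Only GROUP records carry a member list; SINGLE fields are ignored.
        services[name] = (kind, body if kind == "GROUP" else [])
    return services

def dangling_members(services):
    """Map each group to the members that are not defined in the listing."""
    report = {}
    for name, (_kind, members) in services.items():
        missing = [m for m in members if m not in services]
        if missing:
            report[name] = missing
    return report

if __name__ == "__main__":
    for group, missing in dangling_members(parse_services(SAMPLE)).items():
        print(f"{group}: references undefined service(s) {missing}")
```

This covers group membership only; references from policy rules are still found with referlist.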