SunScreen 3.1 Reference Manual

ALLOW Action

FIGURE 5-35 shows the Policy Rule Index dialog box for the ALLOW action.

Figure 5-35 Policy Rule Index Dialog Box for ALLOW action

TABLE 5-36 describes the controls in the Policy Rule Index dialog box for the ALLOW action.

Table 5-36 Controls for ALLOW Action

Control 

Description 

Log 

Sets logging behavior. The options are: 

  • LOG_NONE - Do not log packets.

  • LOG_SUMMARY - Record the first 40 bytes of the packet in the log.

  • LOG_DETAIL - Record the complete packet in the log.

  • LOG_SESSION - Record information about the session in the log. The information saved consists of the source and destination addresses and ports (if applicable), the amount of data being sent in each direction, and the length of the session. Not used for stateless services such as ip all.

SNMP 

Specifies whether the Screen should issue an SNMP trap message when the rule is applied. The options are: 

  • SNMP_NONE - Do not send an SNMP alert message when a packet matches the criteria of this rule.

  • SNMP - Send an SNMP alert message when a packet matches the criteria of this rule.

PROXY 

Specifies the proxy the Screen should use, if any, when a packet meets the selection criteria of the rule. The options are: 

  • NONE

  • PROXY_HTTP

  • PROXY_FTP

  • PROXY_SMTP

  • PROXY_telnet

If you choose a proxy, another dialog box, according to the proxy chosen, is displayed. 

Figure 5-36 PROXY_HTTP Dialog Box for ALLOW action

TABLE 5-37 lists the flags for the HTTP proxy.

Table 5-37 HTTP Proxy Flags

Flag 

Function 

Cookies 

Permits the use of cookies. The options are: 

  • ALLOW

  • DENY

ActiveX 

Permits the use of ActiveX. The options are: 

  • ALLOW

  • DENY

Java 

Allow or disallow use of Java applets. The options are: 

  • Allow JAVA

  • Block JAVA

  • JAR Signature

  • JAR Hash

  • JAR Signature and Hash

SSL 

Permits the use of SSL encryption. The options are: 

  • ALLOW

  • DENY

Figure 5-37 PROXY_FTP Dialog Box for ALLOW action

TABLE 5-38 lists the settings available for the flags for the FTP proxy.

Table 5-38 FTP Proxy Flags

| Flag | Function |
|------|----------|
| GET | Allow or disallow use of the FTP get command |
| PUT | Allow or disallow use of the FTP put command |
| CHDIR | Allow or disallow use of the FTP chdir command |
| MKDIR | Allow or disallow use of the FTP mkdir command |
| RENAME | Allow or disallow use of the FTP rename command |
| REMOVE | Allow or disallow use of the FTP remove_dir command |
| DELETE | Allow or disallow use of the FTP delete command |
| PROXY USERS | Choose the proxy user or the group of proxy users that you want for this rule. You can have only one proxy user or one group of proxy users in this field. You define these proxy users in the proxy user common object. |
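The following sketch is an added illustration, not SunScreen code: it shows how per-command flags like those in Table 5-38 translate into decisions on the FTP control channel. The mapping from each flag to FTP protocol verbs (including the older X-prefixed aliases) is an assumption based on the standard FTP command names, and the function names, policy and session lines are constructed for the example.

```python
# Added illustration; the flag-to-verb mapping below is an assumption,
# not taken from the SunScreen manual.
FLAG_VERBS = {
    "GET":    {"RETR"},
    "PUT":    {"STOR", "STOU", "APPE"},
    "CHDIR":  {"CWD", "XCWD", "CDUP", "XCUP"},
    "MKDIR":  {"MKD", "XMKD"},
    "RENAME": {"RNFR", "RNTO"},   # a rename is two commands; both need the flag
    "REMOVE": {"RMD", "XRMD"},
    "DELETE": {"DELE"},
}
VERB_TO_FLAG = {v: flag for flag, verbs in FLAG_VERBS.items() for v in verbs}


def check_command(line, policy):
    """Return (allowed, flag) for one FTP control-channel line.

    policy maps a flag name to True (allow) or False (disallow).
    A flag missing from the policy is treated as disallowed.
    Verbs that no flag governs (USER, PASS, QUIT, ...) return flag None
    and are passed through in this sketch.
    """
    parts = line.strip().split(None, 1)
    if not parts:
        return (False, None)          # empty line: nothing to forward
    verb = parts[0].upper()           # FTP verbs are case-insensitive
    flag = VERB_TO_FLAG.get(verb)
    if flag is None:
        return (True, None)
    return (bool(policy.get(flag, False)), flag)


def filter_session(lines, policy):
    """Return the (line, flag) pairs the policy would reject."""
    rejected = []
    for line in lines:
        allowed, flag = check_command(line, policy)
        if not allowed:
            rejected.append((line.strip(), flag))
    return rejected


# Constructed download-only policy and constructed client session.
READ_ONLY = {"GET": True, "CHDIR": True, "PUT": False, "MKDIR": False,
             "RENAME": False, "REMOVE": False, "DELETE": False}
SAMPLE = ["USER alice\r\n", "cwd /pub\r\n", "RETR notes.txt\r\n",
          "STOR upload.bin\r\n", "XMKD newdir\r\n", "RNFR a.txt\r\n",
          "QUIT\r\n"]

if __name__ == "__main__":
    for line, flag in filter_session(SAMPLE, READ_ONLY):
        print(f"rejected by {flag}: {line}")
```

Matching on the alias verbs matters when reviewing such a rule: a filter that checks only MKD while the server also accepts XMKD does not enforce the MKDIR setting.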

Figure 5-38 PROXY_SMTP Dialog Box for ALLOW action

The only flag for the SMTP proxy is to allow or disallow relayed mail.

Figure 5-39 PROXY_Telnet Dialog Box for ALLOW action

For the PROXY USER field, type the proxy user or the group of proxy users that you want for this rule from the choice list. Specify only one proxy user or one group of proxy users in this field. Define these proxy users in the proxy user common object.