test

SunScreen 3.2 Administration Guide

Working With Services and Service Groups

The tasks in this section describe how to work with single services and service groups.

To Add a New Single Service

  1. Type the following to add the service ftp-34, service engine, discriminator, parameters, and description (which is optional) within quotation marks.

    In the example below, all you need to type is "PARAMETERS 1200 1200 1" if you do not want to use the default values. See "Services and State Engines" in SunScreen 3.2 Administrator's Overview for the default parameters for the state engines


    edit> add service ftp-34 SINGLE FORWARD ftp PORT 34 PARAMETERS 1200 1200 1 
COMMENT "ftp-34 uses port 34 instead of port 21. 
Use ftp-34 instead of the supplied ftp service."

  2. Type the following to see the new service ftp-34:


    edit> list service ftp-34
"ftp-34" SINGLE FORWARD "ftp" PORT 34 PARAMETERS 1200 1200 1 
COMMENT "ftp-34 uses port 34 instead of port 21. 
Use ftp-34 instead of the supplied ftp service."

To Add a New Service Group
Note -

SunScreen lets you change the default services in service groups; however, to make troubleshooting easier, it is better to add a new service group that contains the services that you want rather than modify an existing service group.

  1. Type the following to add the service group useful services and description (which is optional) within quotation marks:


    edit> add service "useful services" GROUP www archie gopher 
COMMENT "A new service group that is used instead of common services."

    The description will appear in the Service Details field that appears when you choose a service or service group for a policy rule using the Policy Rule Definition dialog box.

  2. Type the following to list the new service group, useful services:


    edit> list service "useful services"
"useful services" GROUP "www" "archie" "gopher" 
COMMENT "A new service group that is used instead of common services."

    This procedure needs more information and an accurate example.

To Modify Service Groups

    Add the GROUP again with the modified member list. The new definition overwrites the old definition.

To Rename a Service or Service Group

    Type the following to rename a service or service group without modifying references to it:


    edit> rename service "useful services" "dmz services"

    The changes take effect when you activate the policy whose rules you have edited.

To Rename References to a Service
Note -

SunScreen lets you rename a single service or a service group. To make troubleshooting easier, do not rename the single services and service groups that are supplied with SunScreen.

    Type the following to rename all references to a service or service group:

    For example:


    edit> renamereference service "useful services" "dmz services"

To Delete a Service or Service Group
Note -

SunScreen lets you delete a single service or a service group. To make troubleshooting easier, do not delete the single services and service groups that are supplied with SunScreen.

    Type the following to delete a service or service group.

    For example, to delete the service group dmz service type:


    edit> del service "dmz services"

This command does not check for references to the single service or service group that you are deleting. The changes take effect when you activate the policy whose rules you have edited.

To Check References to a Service or Service Group

To check references to the single service or service group that you want to delete or have deleted:

  1. Type the following to find references to the service or service group that you want to delete or have deleted

    For example:


    edit> referlist service "dmz services"

    This displays a list of all the instances where the service or service group is used.

  2. Remove the service or service group if you have not already done so.

  3. Edit the rule to remove obsolete references from the rule or rules displayed after typing the command in Step 1.