SunScreen 3.2 Administration Guide

Addresses, Address Ranges, and Address Groups

The tasks in this section describe how to work with addresses, address ranges, and address groups.

To Add a New Host Address

    Type the following to add the new host address 172.16.1.2 and a description (which is optional) within quotation marks:


    edit> add address ftp-www HOST 172.16.1.2 COMMENT "Address of the DMZ host"
    

    The changes take effect when you activate the policy whose rules you have edited.

To Add a Range of Addresses

    Type the following to add an address range from 172.16.3.2 to 172.16.3.255 and a description (which is optional) within quotation marks:


    edit> add address corp RANGE 172.16.3.2 172.16.3.255 COMMENT "All hosts in corporate"
    

    The changes take effect when you activate the policy whose rules you have edited.

To Add an Address Group

    Type the following to add an address group and a description (which is optional) within quotation marks, for example:


    edit> add address Internet GROUP { corp sales ftp-www } {} COMMENT "The ranges corporate and sales and the host ftp-www have access to the Internet"
    

    The changes take effect when you activate the policy whose rules you have edited.

To Add an Address Range in CIDR Format

    Type the following to add a network group and a description (which is optional) within quotation marks, for example:


    edit> add address cidr2 RANGE 10.100.253.0/24 COMMENT "The network group consists of an IP address and a mask."
    

    The changes take effect when you activate the policy whose rules you have edited.

To Delete an Address, Address Range, or Address List

Note - To make troubleshooting easier, do not delete the names of the addresses, ranges of addresses, and lists of addresses that were defined when SunScreen was installed.


The del address command does not check for references to the address, range of addresses, or list of addresses that you are deleting.

    Type the following to delete an address, a range of addresses, or a list of addresses, for example:


    edit> del address host0
    

    To have the changes take effect, you must activate the policy.

To Check References to a Deleted Address, Address Range, or Address List

    Type the following to find the references to an address, a range of addresses, or a list of addresses that you want to delete or have deleted, for example:


    edit> referlist address host0
    

    This displays a list of all the instances where the address, range of addresses, or list of addresses is used. You can now remove the address, range of addresses, or list of addresses from the address list in which it is used and edit the policy rule to remove it from the rule or rules in which it is used.
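
The following Python script is an added example, not part of the SunScreen documentation or product. It shows, offline, why deleting without a reference check leaves a dangling group member. It assumes the add address commands shown on this page have been saved as text (the sample is constructed, and the range for "sales" is made up), and it covers address groups only, not policy rules.

```python
import ipaddress
import re

# Constructed sample: the page's "add address" commands saved as text.
# "sales" is not defined on the page; its range below is a made-up value.
SAMPLE = """
add address ftp-www HOST 172.16.1.2 COMMENT "Address of the DMZ host"
add address corp RANGE 172.16.3.2 172.16.3.255 COMMENT "All hosts in corporate"
add address sales RANGE 172.16.4.1 172.16.4.254
add address cidr2 RANGE 10.100.253.0/24
add address Internet GROUP { corp sales ftp-www } {}
"""

def parse(text):
    """Map name -> (kind, first_ip, last_ip), or ("GROUP", [member names])."""
    objs = {}
    for line in text.strip().splitlines():
        line = re.sub(r'\s+COMMENT\s+".*"\s*$', "", line)  # drop the description
        m = re.match(r"add address (\S+) (HOST|RANGE|GROUP) (.*)$", line)
        if not m:
            continue
        name, kind, rest = m.groups()
        if kind == "GROUP":
            # Names from both brace lists count as references.
            objs[name] = ("GROUP", re.findall(r"[^\s{}]+", rest))
        elif "/" in rest:
            net = ipaddress.ip_network(rest.strip())  # CIDR form of RANGE
            objs[name] = (kind, net[0], net[-1])
        else:
            ips = [ipaddress.ip_address(a) for a in rest.split()]
            objs[name] = (kind, ips[0], ips[-1])
    return objs

def referrers(objs, target):
    """Groups that name `target`; clear these before deleting it."""
    return sorted(n for n, o in objs.items() if o[0] == "GROUP" and target in o[1])

def without(objs, name):
    """Model `del address name`: the object goes, references to it stay."""
    return {k: v for k, v in objs.items() if k != name}

def dangling(objs):
    """(group, member) pairs whose member is no longer defined."""
    return sorted((g, m) for g, o in objs.items() if o[0] == "GROUP"
                  for m in o[1] if m not in objs)

if __name__ == "__main__":
    objs = parse(SAMPLE)
    print("corp is referenced by:", referrers(objs, "corp"))
    print("dangling after deleting corp:", dangling(without(objs, "corp")))
```

On the Screen itself, referlist remains the check to run, because it also reports the policy rules that use the name.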

To Rename an Address, Address Range, or Address Group

Note - To make troubleshooting easier, do not delete or rename the names of addresses, ranges of addresses, or lists of addresses that were defined when SunScreen was installed.


    Type the following to rename an address, a range of addresses, or a list of addresses and all references to it, for example:


    edit> renamereference address ftp-www DMZ
    

    Type the following to rename an address, a range of addresses, or a list of addresses only, for example:


    edit> rename address ftp-www DMZ
    

    The changes take effect when you activate the policy whose rules you have edited.