Hallo SE,

vielleicht hilft das weiter:

Saving, activating, and deactivating NAT and IP filter rules
Activating the filter rules you create is the final step to implement the Packet rules process. Before you save and activate your rules you should verify that they are correct. Always attempt to resolve any problems before saving and activating your filter rules. If you activate rules that have errors or are ordered incorrectly, your system will be at risk. Your system has a verify function that is automatically invoked any time you activate your rules. Because this automatic feature only checks for major syntactical errors, you should not rely on it. Make sure you always manually check for errors in your rules.
Saving your filter rules
In addition to verifying, you must save your rules before you can activate them. Anytime you verify a filter rule file, the system gives you the option of saving your file. When you select the verify function a confirmation window displays. If you click OK, another window displays. This is where you specify the name of the file you want to verify. After you choose which file you want verified, you can choose whether you want to cancel or Save. If you click save, the system saves your file and proceeds through the verification process. If you try to activate your rules without saving them, the system will prompt you to save your rules.
Activating your filter rules
You can only activate the rules that you are currently viewing. To activate your filter rules, follow these steps:
1. Within the Packet rules dialog, click the File menu.
2. Select Activate. The system displays a dialog asking you if you want to activate these rules on a specific interface or all interfaces.
3. Click OK. The system displays a dialog which asks you to confirm that you want to verify the rules as you activate them.
4. Click Yes in the dialog. If you have not previously saved your rules file, the system displays the Save Rules As dialog.
5. Specify a name for the rules file and click OK to save the rules.
If the system is able to verify the rules, the system activates them. If there are errors in the rules, these errors will be displayed at the bottom of the window. You can correct them before you attempt to activate the rules again.
When filter rules are not applied to an interface (for example, you are only using NAT rules, not filtering rules), a warning (TCP5AFC) appears. This is not an error. It only verifies that using one interface is indeed, your intention. Always look at the last message. If it says the activation is successful, then the messages above are all warnings.
Note: When you activate new rules on all interfaces, they replace all previous rules on all physical interfaces. Even if a physical interface is not mentioned in the new rules, it will be replaced. However, if you choose to activate new rules on a specific interface, the rules will only replace the rules on that specific interface. Existing rules on other interfaces will be untouched.
Deactivating your filter rules
If for some reason you want to deactivate your filter rules, follow the steps above intended for rule activation. However, instead of selecting Activate, select Deactivate. Then click Yes. This will make your system vulnerable to intruders.
After you configure Packet rules to protect your system, you want to ensure that your system remains secure. To do this, you must know how to use NAT and IP filter administration.

Accessing the Packet rules functions
You must access iSeries Packet rules through Operations Navigator, the graphical interface that enables you to work with your iSeries resources.
To access Packet rules functions (using a V5R1 system), follow these steps:
1. In the left pane of the Operations Navigator window, expand My Connections.
2. Expand the iSeries system on which you want to establish Packet rules.
3. Expand Network.
4. Expand IP Policies.
5. Right-click Packet rules.
6. Select Configuration. The Packet rules window displays. From this window, you can create new rules and manage existing ones.
After you access Packet rules, you can start by Defining addresses and services.

Viewing NAT and IP filter rules
By viewing the filter rules you create, you can check for any visible errors. You may want to view your filter rules not only before activating and testing, but also before printing and backing up. Viewing your rules is not your only way of checking for errors. It is, however, a useful way to minimize or remove the errors before testing.
Your system also has a verify function, but do not solely rely on it. You should take the necessary measures to ensure that you correct all errors manually. This will save you valuable time and resources.
To view inactive rules you need to open the filter rule file.
To view your currently active rules, follow these steps:
1. Open the Packet rules dialog. This dialog displays the rules that are currently loaded and upon which interface they are active.
2. Click View and select Active Rules. A dialog box appears asking if you want to view the currently loaded rules on a specific interface or view the interfaces that have currently loaded rules.
3. Select your option and click OK.
4. Depending on your selection, the appropriate list of all your rules should appear in the right frame of the dialog.
Note: Because this is a 'special' view, you can not edit the rules from within this dialog. You must open your rules file through the File menu to edit your rules.
You should print out the filter rules you create so you can look over them. This allows you to catch any visible mistakes and verify that you included any previously created filter rules files you wanted to add. You should not activate your filter rules without viewing them to verify that they are correct.

Gruß DK