Protecting your Filters
Novell Cool Solutions: Feature
By Craig Johnson
Digg This -
Posted: 30 Jun 2005
This article applies to all versions of BorderManager, but especially to 3.7 and 3.8. When I talk about filters, I actually mean both filters and filter exceptions, but most of the time I mean filter exceptions.Since BorderManager 3.7 came out, filters have been stored in eDirectory. The reason for this is simple ? Novell wanted to build a GUI-based filter management tool, and the tool of choice was iManager, which only manipulates eDirectory objects. Unfortunately, I have seen numerous cases where one kind of eDirectory issue or another causes problems with filters, resulting in one of the following situations:
- Inability to modify or delete an existing filter. This is always accompanied by a ?6001 error on the logger screen (or console prompt, for NetWare 5.1).
- Inability to see any filters or exceptions in FILTCFG. (Filters in eDirectory are no longer associated with the server).
In virtually all cases I have worked on, you can recover by deleting the problem filters in eDirectory and remigrating them from a copy of FILTERS.CFG, using a FILTSRV MIGRATE process. The trick here is to be sure you have a good copy of FILTERS.CFG to start with.
If you use FILTCFG to manipulate your filters, the filters will be written to both SYS:ETC\FILTERS.CFG and eDirectory at the same time. It is important to realize that filters will only be read FROM eDirectory with BorderManager 3.7 or 3.8. (I still prefer using FILTCFG, partly for this reason). If you use iManager to manipulate filters, there is no "backup" made to a FILTERS.CFG file. You must manually back up your filters to a file using a console command at the BorderManager server.
Writing Filtering Information
To take filtering information from eDirectory and write it to a SYS:ETC\FILTERS.CFG file, use the following command:
If you want to write filtering information to a file in SYS:ETC called TEST.TXT, use the following command:
The resulting output will be in the same format as FILTERS.CFG, and it will contain all of your custom filter definitions, your filters, and your filter exceptions.
Again, if you use FILTCFG to manipulate filters, it will automatically update the FILTERS.CFG file - so you do not need to do anything further to back up the filters to a file.
Making a FILTERS.CFG Copy
ALWAYS make a copy of FILTERS.CFG after you have changed your filter exceptions!
It is critical to get a copy of the FILTERS.CFG file stored in a directory other than SYS:ETC! Should you have an issue with eDirectory that results in a loss of the link between the filter objects (which are stored inside the NBMRuleContainer object) and the server object, simply loading FILTCFG will "erase" the filters from FILTERS.CFG by writing down the "emptiness" it sees in eDirectory.
What I do is the following:
- Create a SYS:ETC\BACKUP directory.
- Use TOOLBOX or manually copy FILTERS.CFG from SYS:\ETC to SYS:ETC\BACKUP. (In fact, I just copy all files in SYS:ETC, so that I back up other critical files).
- Repeat the copy every time I finish working on someone?s filters.
Once I have a good copy of FILTERS.CFG, I can always fix someone?s filtering issues without losing any filters.
For much more information on working with BorderManager filters and filter exceptions, check out my web site (http://www.craigjconsulting.com)and my book on the subject: "Novell BorderManager: A Beginner's Guide to Configuring Filter Exceptions," which is available only from my web site.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com