× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2007

RE: Denying TCP connections based on IP

Charles and Larry,

Thanks to both of you for the information on the IP filter in Packet
Rules. I have researched the documentation in the link and in iNav
help. The sample filter statements seemed to have the primary
information that I need for the syntax. The only question I have is can
the SRCADDR = parameter have a value of 162.56.*.* to allow all IP
address that begin with 162.56 and therefore default to deny all other
addresses that do not begin with 162.56.

For example:
FILTER SET TestFilter ACTION = PERMIT DIRECTION = INBOUND SRCADDR =
162.56.*.* DSTADDR = * PROTOCOL = * DSTPORT =* SRCPORT = *

If you have any other recommendations for documentation on the syntax,
please let me know. Larry, I hope I don't need your rescue command but
I am really glad that you provided it just in case. Thanks again.

Diana Hicks
Town of Jupiter


-----Original Message-----
date: Mon, 9 Jul 2007 08:25:23 -0400
from: "Wilt, Charles" <WiltC@xxxxxxxxxx>
subject: RE: Denying TCP connections based on IP

Diana,

You don't mention what version of OS/400 you're on.

But OS/400 does include an IP packet filter you can turn on to do
exactly what you are requesting.

http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/rzajb/rzajbr
zajb0ippacketsecuritysd.htm

HTH,
Charles

date: Mon, 09 Jul 2007 09:08:25 -0400
from: Larry Bolhuis <lbolhuis@xxxxxxxxxx>
subject: Re: Denying TCP connections based on IP

What you want is Packet Filters.

Open iNav then navigate down to Network -> IP Policies -> Packet Rules
Rules can be places on any or all interfaces into your system.

There is an editor there and a wizard. Do not play here if you don't
know IP addressing and subnet masks!!

But remember the 'Foghorn Leghorn' ("Fortunately I keep my feathers
numbered for just such an Emergency!") command: RMVTCPTBL *ALL.. This
is entered on the console when you activate a packet rule that
disconnects all your iNav functions so that you can't fix them! The
command doesn't delete them simply de-activates them so you can get back

in and fix them. Don't ask how I know this command. :-)

- Larry



PLEASE NOTE: Florida has a very broad public records law. Most written
communications to or from the Town of Jupiter officials and employees regarding
public business are public records available to the public and media upon
request. Your e-mail communications may be subject to public disclosure. Under
Florida law, e-mail addresses are public records. If you do not want your
e-mail address released in response to a public records request, do not send
electronic mail to this entity. Instead, contact this office by phone or in
writing. The views expressed in this message may not necessarily reflect those
of the Town of Jupiter. If you have received this message in error, please
notify us immediately by replying to this message, and please delete it from
your computer. Thank you.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.