[Info-vax] OpenVMS TCPIP equivalent of hosts.deny?
BillPedersen
pedersen at ccsscorp.com
Wed Nov 16 21:46:06 EST 2016
On Wednesday, November 16, 2016 at 9:19:32 PM UTC-5, Supratim Sanyal wrote:
> Hi,
>
> I am wondering if it is possible to maintain a "deny" file to use with
> the analyze/audit report generated from a batch job daily
> (http://sanyalnet-openvms-vax.freeddns.org:82/falserver/intrusions.txt)
> to keep these telnet spammers in control. Is there a "hosts.deny"
> equivalent that I can use to save a sorted unique list in for TCPIP to
> drop connections from?
>
> Thanks
>
> Supratim
>
>
>
>
>
>
>
>
>
>
>
> --
> Supratim Sanyal
> DECNET VMSMAIL: QCOCAL::SANYAL (via HECNET)
> Internet email: http://mcaf.ee/sdlg9f
> SANYALnet QCOCAL OpenVMS 7.3: telnet://sanyalnet-openvms-
> vax.freeddns.org
> SunOS 5.11 / Solaris 11 OpenIndiana: ssh sanyal.duckdns.org
> SanyalCraft Minecraft Server: sanyal.duckdns.org:25565
The interface to any of the OpenVMS TCPIP configuration data files is via the TCPIP command line interface. You can set accept/reject for host or network on a per "service" (i.e. port) basis using TCPIP SET SERVICE <servicename> /REJECT|ACCEPT ... for hosts and networks. There is a discussion so limits of being 32 but not sure if that is per command or total for each of host/network. This same command interface removes hosts or networks from the configuration data files.
The TCPIP SHOW SERVICE /FULL <servicename> should give a report of accept/reject host and networks.
I would probably keep a backup of what I had set so I could manage it if the reports were not accurate. You can clear all entries with wild cards.
You need to disable/enable the service (cycle it) so that changes take effect.
Bill.
More information about the Info-vax
mailing list