[Info-vax] OpenVMS TCPIP equivalent of hosts.deny?
Steven Schweda
sms.antinode at gmail.com
Wed Nov 16 22:34:18 EST 2016
> [...] There is a discussion so limits of being 32 but not
> sure if that is per command or total for each of
> host/network. [...]

For any service, you get a maximum of 16 networks and 32
hosts. The number of names/addresses per command matters not
at all.

    tcpip help set service /reject

> I would probably keep a backup of what I had set [...]

Around here, I use DCL scripts to do the work. For
example (TELNET_REJECT.COM):

    $!
    $! Set Telnet rejected networks.
    $!
    $ tcpip
    !
    ! Define the rejection message.
    !
    set service Telnet /reject = message = -
     "Telnet IP address rejected"
    [...]
    !
    ! Clear the host reject list.
    !
    set service Telnet /reject = nohost = *
    !
    ! Clear the network reject list.
    !
    set service Telnet /reject = nonetworks = *
    !
    ! Rejected hosts:
    !
    ! hosted-by.i3d.net 2014-01-10
    set service Telnet /reject = host = (31.204.155.73)
    [...]
    !
    ! Rejected networks:
    !
    ! ttnet.net.tr (KEEP.)
    ! 78.0.0.0 - 79.x.x.x
    ! 80.0.0.0 - 95.x.x.x
    set service Telnet /reject = networks = (78.0.0.0:254.0.0.0)
    set service Telnet /reject = networks = (80.0.0.0:240.0.0.0)
    [...]
    !
    ! Disable and re-enable Telnet service to activate changes.
    !
    disable service Telnet
    enable service Telnet
    !

There's also a global communication accept/reject
capability (which acts without OPCOM clutter) with the same
16+32 limits:

    tcpip help set communication /reject

No need to disable/enable anything for those.

I normally keep a set of subnet masks in comments in these
scripts:

    ! Popular netmasks:
    !
    ! 11111111 /8 = 255   11111110 /7 = 254   11111100 /6 = 252   11111000 /5 = 248
    !
    ! 11110000 /4 = 240   11100000 /3 = 224   11000000 /2 = 192   10000000 /1 = 128

As usual, some basic system info would be a good way to
begin any such discussion:

    tcpip show version
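
Added example, not part of the original post: a Python sketch that audits a reject script such as TELNET_REJECT.COM before it is run, reporting entries whose address does not fit the mask, hosts already covered by a rejected network, and lists that exceed the 16-network/32-host limits stated in the post. The function names, the comma-separated list syntax inside the parentheses, the one-service-per-script assumption, and the sample entries 78.10.20.30 and 81.0.0.0:254.0.0.0 are assumptions made for the example.

```python
import ipaddress
import re

# Limits per service as stated in the post; assumes one service per script.
MAX_NETWORKS, MAX_HOSTS = 16, 32
REJECT = re.compile(r"^\s*set\s+service\s+\S+\s*/reject\s*=\s*(host|networks)\s*=\s*\(([^)]*)\)", re.I)

def span(net):  # range covered by an address:mask pair, e.g. 78.0.0.0 - 79.255.255.255
    return f"{net[0]} - {net[-1]}"

def audit(script_text):
    """Return (hosts, networks, problems) for the reject entries in a TCPIP script."""
    hosts, nets, problems = [], [], []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        m = REJECT.match(line)
        if not m:
            continue  # comments, "nohost = *" clears, other commands
        for item in filter(None, (i.strip() for i in m.group(2).split(","))):
            if m.group(1).lower() == "host":
                hosts.append(item)  # may be a name or an address
                continue
            try:  # strict=True rejects bits set outside the mask; bad masks raise too
                addr, mask = item.split(":")
                nets.append(ipaddress.IPv4Network(f"{addr}/{mask}", strict=True))
            except ValueError as exc:
                problems.append(f"line {lineno}: {item}: {exc}")
    for h in hosts:
        try:
            ip = ipaddress.IPv4Address(h)
        except ValueError:
            continue  # host name, nothing to compare against the networks
        for net in nets:
            if ip in net:
                problems.append(f"host {h} already covered by {span(net)}; slot wasted")
    for name, got, cap in (("networks", nets, MAX_NETWORKS), ("hosts", hosts, MAX_HOSTS)):
        if len(got) > cap:
            problems.append(f"{len(got)} {name} exceeds the limit of {cap}")
    return hosts, nets, problems

# Constructed sample: three entries from the post, two constructed (lines 2 and 5).
SAMPLE = """\
set service Telnet /reject = host = (31.204.155.73)
set service Telnet /reject = host = (78.10.20.30)
set service Telnet /reject = networks = (78.0.0.0:254.0.0.0)
set service Telnet /reject = networks = (80.0.0.0:240.0.0.0)
set service Telnet /reject = networks = (81.0.0.0:254.0.0.0)
"""
if __name__ == "__main__":
    print(*audit(SAMPLE)[2], sep="\n")
```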