[Info-vax] OpenVMS TCPIP equivalent of hosts.deny?

[Supratim Sanyal]

In article <faa8fd75-139b-4693-81c4-89b150c1e22c at googlegroups.com>, 
pedersen at ccsscorp.com says...
> 
> On Wednesday, November 16, 2016 at 9:19:32 PM UTC-5, Supratim Sanyal wrote:
> > Hi,
> > 
> > I am wondering if it is possible to maintain a "deny" file to use with 
> > the analyze/audit report generated from a batch job daily 
> > (http://sanyalnet-openvms-vax.freeddns.org:82/falserver/intrusions.txt) 
> > to keep these telnet spammers in control. Is there a "hosts.deny" 
> > equivalent that I can use to save a sorted unique list in for TCPIP to 
> > drop connections from?
> > 
> > Thanks
> > 
> > Supratim
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > -- 
> > Supratim Sanyal
> > DECNET VMSMAIL: QCOCAL::SANYAL (via HECNET)
> > Internet email: http://mcaf.ee/sdlg9f
> > SANYALnet QCOCAL OpenVMS 7.3: telnet://sanyalnet-openvms-
> > vax.freeddns.org
> > SunOS 5.11 / Solaris 11 OpenIndiana: ssh sanyal.duckdns.org
> > SanyalCraft Minecraft Server: sanyal.duckdns.org:25565
> 
> The interface to any of the OpenVMS TCPIP configuration data files is via the TCPIP command line interface.  You can set accept/reject for host or network on a per "service" (i.e. port) basis using TCPIP SET SERVICE <servicename> /REJECT|ACCEPT ... for hosts and networks. There is a discussion so limits of being 32 but not sure if that is per command or total for each of host/network.  This same command interface removes hosts or networks from the configuration data 
files.
> 
> The TCPIP SHOW SERVICE /FULL <servicename> should give a report of accept/reject host and networks.
> 
> I would probably keep a backup of what I had set so I could manage it if the reports were not accurate.   You can clear all entries with wild cards.
> 
> You need to disable/enable the service (cycle it) so that changes take effect.
> 
> Bill.

Thanks for the pointer. I will try this approach (Steven Schweda's 
script that does this is additional help).