1.  Home
  2. MIDRANGE-L
  3. June 2016

Re: Implementing Port Restrictions

"closing a port" sounds more like something you'd do on a firewall.

In other words, FTP might be usable inside your network, but you don't want
to allow FTP from external to internal so you'd close port 21 on the
firewall. But in this day and age, your firewall should start out with
everything closed and you'd only "open" the ports you need.

"Closing a port" on a server simply doesn't make sense. If for instance
you don't want to allow FTP to a server, simply make sure that you're not
running an FTP server service on that server.

If there's nothing listing on port 21, then there's nothing to "close"

From a server perspective, you don't close ports. You simply make sure
you're not running any services you don't need.

The only other thing would be to restrict for example, port 21 traffic and
only accept it from certain internal IP address.

Charles


On Fri, Jun 24, 2016 at 11:23 AM, Rob Berendt <rob@xxxxxxxxx> wrote:

There are numerous applications which control whether or not they start up
automatically at IPL time. For example
CHGTELNA <F4>
Autostart server . . . . . . . . *YES *YES, *NO, *SAME


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: David Gibbs <david@xxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 06/24/2016 10:59 AM
Subject: Re: Implementing Port Restrictions
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



On 6/24/2016 8:42 AM, Rich Loeber wrote:
Does anyone have suggestions on getting started with port
restrictions? What ports to leave open and which ones to close. When
you close a port, does it get reopened after an IPL?

I would advise that they get a dedicated firewall and not try to do it on
the i.

As for ports on the i, I would suggest just starting the servers that are
needed and shutting down those that aren't necessary.

david


--
David Gibbs
midrange.com

* IBM Power Systems Champion

IBM i on Power Systems: For when you can't afford to be out of business!

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.