CL Command Reference - ADDTCPPORT

Description:

The Add TCP/IP Port Restriction (ADDTCPPORT) command restricts a port or range of ports in the TCP/IP configuration to a particular user profile. A port can be restricted for use by multiple user profiles. The addition of the user profile takes effect immediately. User profiles that are currently using a port but will no longer have access to it after this command is used are allowed to finish processing.

The default authorization for TCP/IP ports is to allow any user profile access to any port. If it is unnecessary to restrict a port to a user profile or a group of user profiles, the system administrator does not need to use this command.

Once an application running under a user profile has obtained the use of a restricted port, TCP/IP does not prohibit that application from passing its rights to another job that may be running under another user profile. The new user profile for the port is not checked against the list of user profiles having exclusive rights to that port. That is because the allocation of the port occurred under the user profile that had exclusive rights to that port.

The check for restricted use of the port occurs only on the BIND operation to the port. If other user profiles are currently using a port and an administrator wants to restrict a port or range of ports, the administrator may need to end all current TCP connections or User Datagram Protocol (UDP) sockets using that port. To do this, enter NETSTAT, select option 3, then select all of the connections or listening sockets that are using the port that you want to restrict. Enter option 4 (ENDTCPCNN) for each.

There are two independent sets of ports. One set is for TCP processing and the other is for UDP processing. They are completely independent sets of ports and have no relationship to one another.

Restrictions:

- You must have input/output system configuration (*IOSYSCFG) special authority to run this command.



Examples:

Example 1: Adding a Single User Profile

ADDTCPPORT PORT(7059) PROTOCOL(*UDP) USRPRF(TCPUSER)

This command adds the user profile TCPUSER to the set of user profiles that are allowed to bind UDP port 7059. User profiles that have not been added to this set or are not in a group profile that has been added will not be allowed to use UDP port 7059.


Example 2: Adding Multiple User Profiles

ADDTCPPORT PORT(1590) PROTOCOL(*TCP) USRPRF(USER1)
ADDTCPPORT PORT(1590) PROTOCOL(*TCP) USRPRF(USER2)

These commands show that a port can be restricted for use by multiple user profiles. User profiles USER1 and USER2 are the only users that are allowed to bind to TCP port 1590.


Example 3: Adding a Single User Profile to a Range of Ports

ADDTCPPORT PORT(1591 1600) PROTOCOL(*TCP) USRPRF(USER3)

This command adds the user profile USER3 to the set of user profiles that are allowed to bind TCP ports 1591 through 1600.
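
The following is an added example, not part of the original command reference and not system code: a small Python model of the bind-time check described above, used to list sockets that were bound before a restriction was added and would now fail BIND. The restriction entries mirror the three examples; the socket rows, the profiles OLDJOB and APPUSER, the group mapping, and the function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Restriction:   # one ADDTCPPORT entry (a single port has low == high)
    low: int
    high: int
    protocol: str    # "*TCP" or "*UDP"; the two port sets are independent
    usrprf: str

@dataclass(frozen=True)
class Socket:        # one row transcribed by hand from a NETSTAT listing
    port: int
    protocol: str
    usrprf: str      # assumed: the profile the socket was bound under

def may_bind(restrictions, groups, port, protocol, usrprf):
    """Model of the BIND check: default allow, else the profile or its group must be listed."""
    allowed = {r.usrprf for r in restrictions
               if r.protocol == protocol and r.low <= port <= r.high}
    if not allowed:
        return True  # no restriction on this port/protocol: any profile may bind
    return usrprf in allowed or bool(allowed & groups.get(usrprf, set()))

def stale_holders(restrictions, groups, sockets):
    """Sockets already in use that would be refused if they had to BIND again."""
    return [s for s in sockets
            if not may_bind(restrictions, groups, s.port, s.protocol, s.usrprf)]

# Constructed sample data; the restrictions repeat Examples 1 to 3.
RESTRICTIONS = [
    Restriction(7059, 7059, "*UDP", "TCPUSER"),
    Restriction(1590, 1590, "*TCP", "USER1"),
    Restriction(1590, 1590, "*TCP", "USER2"),
    Restriction(1591, 1600, "*TCP", "USER3"),
]
GROUPS = {"APPUSER": {"USER3"}}  # hypothetical: APPUSER belongs to group profile USER3
SOCKETS = [
    Socket(1590, "*TCP", "USER1"),    # listed profile
    Socket(1590, "*TCP", "OLDJOB"),   # bound before the restriction existed
    Socket(7059, "*TCP", "OLDJOB"),   # TCP 7059 is unrestricted; only UDP 7059 is
    Socket(1595, "*TCP", "APPUSER"),  # allowed through its group profile
    Socket(7059, "*UDP", "OLDJOB"),   # bound before the restriction existed
]

if __name__ == "__main__":
    for s in stale_holders(RESTRICTIONS, GROUPS, SOCKETS):
        print(f"still in use, end it to enforce: {s.protocol} {s.port} ({s.usrprf})")
```

Because the check is made only on BIND, the flagged sockets keep working until they are ended. A socket passed to a job under another user profile after the bind is not modelled here.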