This feature enables you to validate incoming IP addresses against a table in the ECAIPLSx member in IOA.PARM library. This list of IP addresses is a source table that contains IP addresses that are allowed or forbidden to communicate with IOAGATE. All incoming addresses are checked against the table.
Define these IP addresses using one of the following methods:
Note: When IPv6 is enabled on the z/OS system, IOAGATE messages display incoming IPv4 connections in the form of IPv4-mapped IPv6 addresses. However, do not use IPv4-mapped IPv6 addresses in the ECAIPLSx member. Use the IPv4 addresses instead. IPv6 addresses can be specified in full (39 characters) or abbreviated format (for example, 'fd66:bc12:ac12:101::3'.
ALLOW FD66:BC12:AC12:101::1-FD66:BC12:AC12:101::FFFF
The low and high addresses must be separated by one hyphen, no spaces.
Note: ALLOW * and FORBID * apply also to IPv6 addresses.
If the text extends beyond column 70 (for example, if the 2 IP addresses are 39 character long each), use the following 2-line format:
Example:
ALLOW *
FORBIDFR 2001:500:100:1191:250:56FF:FEB7:4A30
FORBIDTO 2001:500:100:1191:250:56FF:FEB7:4A39
Note: The subnet mask applies both to the incoming address and the specified address in the entry. The mask selects the exact bits in both addresses that are matched. The rest of the bits are ignored.
For details on how to define IP addresses, see Guidelines for defining IP addresses.
For examples on how to code IP addresses, see Examples.
Parent Topic |