0
TomLiotta 
7990 pts. | Oct 12 2009 10:30PM GMT
Do you want to stop unauthorized telnet access from outside or do you simply want to block access to QPADEV* devices? The two are not totally synonymous. Unauthorized outside access can connect to devices other than QPADEV* devices.
Tom
Whatis23 4040 pts. | Oct 13 2009 8:51AM GMT
Total lock out to the command TELNET for login is to set to public *exclude.
WoodEngineer 2280 pts. | Oct 13 2009 3:42PM GMT
We have had good success using the TELNET exit program provided by IBM, which can be found from the URL metnnioned by Teandy. It installed smoothly and is very secure.
Pdraebel 885 pts. | Oct 14 2009 9:02AM GMT
If you now which IP adresses (ranges) are allowed access you cold use CFGTPC option 2 (Routes) and remove the *DFTROUTE and add only the IP ranges you want to allow access toyour iSeries.
Doing that will cause you i not to reply to any requessts from IP’s outside allowed ranges.
Teandy 3250 pts. | Oct 14 2009 6:41PM GMT
Abigail wrote:
What would you set to Public *EXCLUDE?
On the command line, type WRKOBJ TELNET.
On the next screen, take option 2. Then change *PUBLIC authority to *EXCLUDE.
Edit Object Authority
Object . . . . . . . : TELNET Owner . . . . . . . : QSYS
Library . . . . . : QSYS Primary group . . . : *NONE
Object type . . . . : *CMD ASP device . . . . . : *SYSBAS
Type changes to current authorities, press Enter.
Object secured by authorization list . . . . . . . . . . . . *NONE
Object
User Group Authority
*PUBLIC *EXCLUDE
You can also use EDTOBJAUT OBJ(TELNET) OBJTYPE(*CMD). Both commands eventually take you to the same screen.
