K.3 Definition for restricting connections from unintended hosts
To restrict connections from unintended hosts, create a definition file (you can give it any file name) that lists the hosts allowed to connect, and then execute the jbssetcnf command to register the definition in the common definition information.
The following table describes the contents of the definition file.
| Functions to be restricted | Key name | Option name and its value | Description |
|---|---|---|---|
| | JP1_DEFAULT\JP1BASE\COM_CONTROL\ROUTE | "UPPER_ONLY"=dword:{ 00000000 \| 00000001 } | This option suppresses the requests that were sent from hosts other than the higher-level host defined in the configuration definition. If no common definition information has been set, the default value is used. If the specified value is outside the range of specifiable values, the default value is used during startup, or the value before reloading is used when the definition file is reloaded. 00000000: Disable (default). 00000001: Enable. |
| | JP1_DEFAULT\JP1BASE\COM_CONTROL\ROUTE | "ALT_CLIENT_HOSTS"="{ host-name \| IP-address }, ..." | If the UPPER_ONLY option is enabled, the requests that were sent from the hosts specified in this option are also accepted. If the UPPER_ONLY option is disabled, the setting in this option is disabled. You can specify no more than four hosts delimited by a comma. The default value is undefined. |
| Operation requests from linkage products (communication between JP1/Base) | JP1_DEFAULT\JP1BASE\COM_CONTROL\RECEIVE | "CLIENT_HOSTS"="{ host-name \| IP-address }, ..." | The requests that were sent from hosts other than the hosts specified with this option are suppressed. If this option is not defined, connection is not restricted. You can specify no more than eight hosts delimited by a comma. The default value is undefined. |
Note: If the system is running in a cluster environment, specify the settings by replacing JP1_DEFAULT with the logical host name on both the primary and secondary nodes.
(1) Notes on the definition file
- To disable the ALT_CLIENT_HOSTS or CLIENT_HOSTS option, define the null character ("").
- The IP address formats that can be specified for the ALT_CLIENT_HOSTS and CLIENT_HOSTS options are shown below. Note that if the specified IP address does not conform to the following IP address formats, it will be treated as a host name.
  - The format when specifying an IPv4 address:
    The format is W.X.Y.Z. Specify each of W, X, Y, and Z with a decimal value from 0 to 255.
  - The format when specifying an IPv6 or IPv4 address:
    The format is A:B:C:D:E:F:G:H. Specify each of A, B, C, D, E, F, G, and H with a hexadecimal value from 0 to ffff.
    - If the value begins with 0, you can omit that 0.
    - If the value is 0000, specify it as 0.
    - Consecutive 0000 patterns can be replaced with "::" only once.
      Example:
      Before replacement: 0123:0000:0000:0000:4567:0000:0000:89ab
      After replacement: 123::4567:0:0:89ab
- If the definition in the ALT_CLIENT_HOSTS or CLIENT_HOSTS option contains one of the following illegal specifications, the processing will continue using the default value during startup or using the definition before reloading when the definition file is reloaded:
  - A duplicate host name is specified. (Note that the value is not case sensitive.)
  - The number of specified hosts exceeds the specifiable number of hosts.
  - The specified host name exceeds 256 bytes.
  - Name resolution is not available for the specified host name.
- If you change the IP addresses corresponding to the higher-level host registered in the configuration definition and to the host name defined in the option, the new settings are applied after the jbs_spmd_reload command is executed.
- The IP addresses corresponding to the higher-level host registered in the configuration definition and to the host name defined in the option must be the same as the IP addresses that the source host actually uses for communication.
- If you operate in a NAT environment, define the converted source IP address in the ALT_CLIENT_HOSTS or CLIENT_HOSTS option.
- If you change the configuration definition from the submanager host for which the UPPER_ONLY option is enabled, define the local host name or the IP address of the local host in the ALT_CLIENT_HOSTS option of the manager host.
- A host for which the UPPER_ONLY option is enabled and no higher-level host is registered in the configuration definition behaves as follows:
  - Accepts requests for changing the configuration (definition distribution) from any host.
  - Suppresses requests for command execution from hosts other than the local host.
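A pre-check for ALT_CLIENT_HOSTS and CLIENT_HOSTS values, added here as an example (it is not Hitachi's code or part of JP1/Base): it applies the count, duplicate, length and IP-format rules from the notes above, so that a value JP1/Base would set aside in favor of the default or the previous definition is caught before jbssetcnf is run. The function names and sample hosts are assumptions of this example, whitespace around commas is assumed not to be significant, and name resolution is not checked.

```python
import ipaddress
import re

# Limits from the option table and notes on this page.
MAX_HOSTS = {"ALT_CLIENT_HOSTS": 4, "CLIENT_HOSTS": 8}
MAX_NAME_BYTES = 256
_OCTET = re.compile(r"[0-9]{1,3}")


def classify(entry):
    """Return 'ipv4', 'ipv6' or 'hostname' using the formats on this page."""
    parts = entry.split(".")
    if len(parts) == 4 and all(_OCTET.fullmatch(p) and int(p) <= 255 for p in parts):
        return "ipv4"
    # A:B:...:H form only; embedded IPv4 tails and zone indexes are not on the page.
    if ":" in entry and "." not in entry and "%" not in entry:
        try:
            ipaddress.IPv6Address(entry)
            return "ipv6"
        except ValueError:
            pass
    return "hostname"


def lint_hosts(option, value):
    """Return the problems that would make JP1/Base reject `value`."""
    if value == "":
        return []  # "" disables the option
    # Assumption: whitespace around the commas is not significant.
    entries = [e.strip() for e in value.split(",")]
    problems = []
    if len(entries) > MAX_HOSTS[option]:
        problems.append(f"{len(entries)} hosts exceeds the limit of {MAX_HOSTS[option]}")
    seen = set()
    for e in entries:
        if e.lower() in seen:  # comparison is not case sensitive
            problems.append(f"duplicate entry: {e}")
        seen.add(e.lower())
        if len(e.encode("utf-8")) > MAX_NAME_BYTES:
            problems.append(f"entry exceeds {MAX_NAME_BYTES} bytes: {e[:20]}...")
        # Heuristic of this example: digits and dots, or a colon, mean an IP was intended.
        if classify(e) == "hostname" and (re.fullmatch(r"[0-9.]+", e) or ":" in e):
            problems.append(f"malformed IP, will be treated as a host name: {e}")
    return problems


# Constructed sample values, not taken from a real configuration.
SAMPLE_OK = "mgr01,192.0.2.10,2001:db8::4567:0:0:89ab"
SAMPLE_BAD = "mgr01,MGR01,192.0.2.256,2001:db8::1::2"
```

A malformed address is worth flagging because it is then handled as a host name, and a host name that cannot be resolved is one of the illegal specifications listed above.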