XYGATE Access Control Reference Manual

Appendix C: The ACACL File
XYPRO Technology Corporation 200 Proprietary and Confidential
C67: PORT
The PORT keyword limits the range of devices that can use a specific
ACACL Command Entry. For example, if the Himalaya system is on the Internet so
that specific customers can access it, the ACACL Command Entry can be
limited to users connecting from a given incoming IP address.
Syntax:
PORT <portname specification>
Example 1:
COMMAND SECURE-TCPIP-TACL
!This entry is for LOCAL Intranet users and EXTERNAL authorized users
USER GROUP,USER
OBJECT $SYSTEM.SYSNN.TACLUPA
ACL $EVERYONE
OPENSBYOBJECTS $*.*.*
START_LOGGED_OFF
STOPONERROR 60,66,140,190,191
EXECUTEHANGUP
BANNER $SYSTEM.XYGATE.TCPIPBAN
NULLNULLNOCMDESC
CHECKCONNECTION 750 100
BLANKPASSWORD
TRACKUSERID
DISCONNECT_ALL_PROCESSES
DONOTSTOP $SYSTEM.SYSTEM.PATHMON
$SYSTEM.SYSTEM.PATHTCP2
NULLNULLSTOP
PORT 204.211.57.* 200.111.177.43 NOT 204.211.57.21
This example provides a TCP/IP session that is available to only two classes of users:
users from 204.211.57.* and users from 200.111.177.43. The NOT clause specifically
excludes one address within the first range, 204.211.57.21.
Example 2:
COMMAND WIRE-TACL
!The WIRE TACL can only be run locally
USER WIRE.MGR
OBJECT $SYSTEM.SYSNN.TACLUPA
ACL $TECH-SUPPORT
OPENSBYOBJECTS $*.*.*
START_LOGGED_ON
BLANKPASSWORD
DONOTSTOP $SYSTEM.SYSTEM.PATHMON
$SYSTEM.SYSTEM.PATHTCP2
NULLNULLSTOP
PORT $A1.#TERM* $B2.#TERM* $C3.#D3
This example secures the ACACL Command Entry so that it can only be used from
one of the physical terminals specified.
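
The following added example (not part of the manual and not XYPRO code) models how the PORT lines in Examples 1 and 2 can be read when reviewing an ACACL file: it extracts each Command Entry's PORT specification and tests candidate port names against it. It assumes that `*` matches any run of characters, that names are compared case-insensitively, and that a name listed after NOT overrides a match; the function names and the trimmed sample file are hypothetical.

```python
import re

# Constructed sample: the two PORT lines from Examples 1 and 2, trimmed to
# the keywords this sketch reads (COMMAND and PORT).
SAMPLE_ACACL = """\
COMMAND SECURE-TCPIP-TACL
!This entry is for LOCAL Intranet users and EXTERNAL authorized users
USER GROUP,USER
PORT 204.211.57.* 200.111.177.43 NOT 204.211.57.21
COMMAND WIRE-TACL
USER WIRE.MGR
PORT $A1.#TERM* $B2.#TERM* $C3.#D3
"""

def _to_regex(pattern):
    # Assumption: '*' matches any run of characters; everything else is literal.
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.IGNORECASE)  # assumption: names are case-insensitive

def parse_port_specs(acacl_text):
    """Return {command name: (allow patterns, deny patterns)} for entries with PORT."""
    specs, current = {}, None
    for line in acacl_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("!"):   # blank line or comment
            continue
        if words[0] == "COMMAND" and len(words) > 1:
            current = words[1]
        elif words[0] == "PORT" and current:
            names = words[1:]
            cut = names.index("NOT") if "NOT" in names else len(names)
            specs[current] = (names[:cut], names[cut + 1:])
    return specs

def port_allowed(spec, port):
    """Model of the reading in Example 1: an exclusion after NOT overrides a match."""
    allow, deny = spec
    if any(_to_regex(p).fullmatch(port) for p in deny):
        return False
    return any(_to_regex(p).fullmatch(port) for p in allow)

if __name__ == "__main__":
    specs = parse_port_specs(SAMPLE_ACACL)
    for cmd, port in [("SECURE-TCPIP-TACL", "204.211.57.99"),
                      ("SECURE-TCPIP-TACL", "204.211.57.21"),
                      ("WIRE-TACL", "$A1.#TERM07"),
                      ("WIRE-TACL", "204.211.57.99")]:
        print(cmd, port, "allowed" if port_allowed(specs[cmd], port) else "denied")
```

Running candidate names through such a model before deploying an entry shows which addresses a wildcard such as 204.211.57.* actually admits and confirms that the NOT exclusion takes effect.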