If you can determine what ports your various firewalls consider "dangerous", you can reserve them in your TCPIP parms. Then they aren't used via FTP (or others) when suggesting a temporary highport
> -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On > Behalf Of Paul Gilmartin > Sent: Thursday, May 06, 2021 4:29 PM > To: [email protected] > Subject: Re: Looking for help understanding an FTP problem > > On Thu, 6 May 2021 08:54:18 -0700, Charles Mills wrote: > > >Yup! The answer from Dallas is > > > ><URL:https://urldefense.com/v3/__http://dtsc.dfw.ibm.com/MVSDS/'HTT > PD2.DSN01.PUBLIC.SHTML(BLKPORTS)'__;!!JmPEgBY0HMszNaDT!4ekem9Fq > yzBPZw0WTbnQu3Gut3-I1Fc3nBRIRS-DnE7SpL3AhYEsth7iQe8MoQ$ > [RFC > 1738; gil] > > > >I think that is a public document. If it's not, well, sorry. > > > >I guess I will add all of these to the PORT list. > > > I find various documentation (Linux-centric?) that if your client > requests port 0, the service returns an unused port, no TOCTTOU. > > Of course, your problem is not that they are in use, but that they > are blocked by the firewall. But it would be a courtesy if the > service were to treat them as if they were in use. > > RFE? > > -- gil > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
