Prevent access to File Transfer Protocol ports

To prevent File Transfer Protocol (FTP) from starting, and to prevent someone from associating a user application, such as a socket application, with the port that the iSeries™ normally uses for FTP, follow these steps:
  1. In iSeries Navigator, expand your iSeries Server > Network > Servers > TCP/IP.
  2. Right-click TCP/IP Configuration and select Properties.
  3. In the TCP/IP Configuration Properties window, click the Port Restrictions tab.
  4. On the Port Restrictions page, click Add.
  5. On the Add Port Restriction page, specify the following information:
    • User name: Specify a user profile name that is protected on your iSeries. (A protected user profile is a user profile that does not own programs that adopt authority and does not have a password that is known by other users.) By restricting the port to a specific user, you automatically exclude all other users.
    • Starting port: 20
    • Ending port: 21
    • Protocol: TCP
  6. Click OK to add the restriction.
  7. On the Port Restrictions page, click Add and repeat the procedure for the UDP protocol.
  8. Click OK to save your port restrictions and close the TCP/IP Configuration Properties window.
  9. The port restriction takes effect the next time that you start TCP/IP. If TCP/IP is active when you set the port restrictions, you should end TCP/IP and start it again.
Notes:
  • The Internet Assigned Numbers Authority (IANA) website provides information about assigned port numbers at http://www.iana.org.
  • If ports 20 or 21 are restricted to a user profile other than QTCP, attempting to start the FTP server will cause it to immediately end with errors.
  • This method works only for completely restricting an application such as the FTP server. It does not work for restricting specific users. When a user connects to the FTP server, the request uses the QTCP profile initially. The system changes to the individual user profile after the connection is successful. Every user of the FTP server uses QTCP's authority to the port.
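
The same restriction can be set from a command line instead of iSeries Navigator. The following CL sequence is an added example, not part of the original page; PROTUSER is a placeholder for the protected user profile described in step 5.

```cl
/* Added example. PROTUSER is a placeholder for a protected user      */
/* profile: one that owns no programs that adopt authority and has    */
/* no password known to other users.                                  */

/* Restrict TCP ports 20-21 to the protected profile.                 */
ADDTCPPORT PORT(20 21) PROTOCOL(*TCP) USRPRF(PROTUSER)

/* Repeat the restriction for UDP, matching step 7.                   */
ADDTCPPORT PORT(20 21) PROTOCOL(*UDP) USRPRF(PROTUSER)

/* The restriction takes effect the next time TCP/IP starts.          */
/* ENDTCP ends all TCP/IP processing, including active sessions,      */
/* so schedule the restart accordingly.                               */
ENDTCP
STRTCP

/* Review the configured restrictions: CFGTCP, then option 4          */
/* (Work with TCP/IP port restrictions).                              */
CFGTCP

/* Confirm that nothing is listening on the FTP ports.                */
NETSTAT OPTION(*CNN)
```

After the restart, an attempt to start the FTP server should end immediately with errors, as described in the notes above, because ports 20 and 21 are no longer available to QTCP.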