This article discusses the steps for preventing users from accessing
the TFTP server.
If you do not have any thin clients attached to your network, you
probably do not need to run the TFTP server on your system. Do the following
to prevent the TFTP server from running:
- To prevent TFTP server jobs from starting automatically when you
start TCP/IP, type the following: CHGTFTPA AUTOSTART(*NO)
AUTOSTART(*NO) is the default value.
- To prevent someone from associating a user application, such as
a socket application, with the port that the system normally uses for TFTP,
do the following:
- Type GO CFGTCP to display the Configure
TCP/IP menu.
- Select option 4 (Work with TCP/IP port
restrictions).
- On the Work with TCP/IP Port Restrictions display, specify option 1 (Add).
- For the lower port range, specify 69.
- For the upper port range, specify *ONLY.
Note: The port restriction takes effect the next time that you start
TCP/IP. If TCP/IP is active when you set the port restrictions, you should
end TCP/IP and start it again.
- For the protocol, specify *UDP.
- For the user profile field, specify a user profile name that
is protected on your system. (A protected user profile is a user profile that
does not own programs that adopt authority and does not have a password that
is known by other users.) By restricting the port to a specific user, you
automatically exclude all other users.