Defensive filters are checked before IP security filters. To ensure that an administrator is not blocked by a defensive filter, you can exclude the administrator's IP address from defensive filter processing by specifying the administrator's address on the Exclude parameter of the DmStackConfig statement in the DMD configuration file. For more information about the DmStackConfig statement and its parameters, see z/OS Communications Server: IP Configuration Reference.