Controlling access to particular ports

You can control access to particular ports by port number by reserving the port with the PORT or PORTRANGE profile statement. Use the PORT and PORTRANGE statements to reserve well-known or configured ports for the applications that need to bind to them. The optional SAF parameter adds a second layer of access control based on the user ID of the binding application.

You can reserve an individual port or a range of ports with a job name, a wildcard job name (*), a partial wildcard job name (0-7 characters followed by *), or the special job name RESERVED. If you specify a job name, the port is reserved for an application that runs under that job name. If you specify a partial wildcard job name, the port is reserved for any application whose job name matches the partial wildcard. If you specify a wildcard job name, the port is reserved for any application with any job name. The RESERVED job name prevents any application from using the port or range of ports.

If you specify the SAF keyword on the PORT or PORTRANGE statement, it can provide additional access control by verifying that the user ID associated with an application at the time of a bind to the port is authorized to access the port. The SAF keyword value specifies a portion of the resource name that represents the port. Define the EZB.PORTACCESS.sysname.stackname.port_safname resource profile in the SERVAUTH class to control access to the port, where port_safname is the same value that you specify on the SAF keyword of the PORT or PORTRANGE statement. The user ID that is associated with the application at the time of the bind request must have READ access to this resource for the application to be able to bind to the port.

Figure 1 provides an overview of port access control. In this example, z/OS® user WEBSERV (web server) is permitted to bind to port 80. User Bob is not permitted to bind to port 80.
Figure 1. Port access control overview (example of port access control to allow or disallow user access to a port)
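The following fragments show how the scenario in Figure 1 is expressed in configuration. They are an added example and are not taken from the original page: the system name SYSA, the stack (procedure) name TCPIP, the SAF resource names WEBPORT and APPPORTS, the job names FTPD1 and WEB*, and the RACF group APPGRP are assumed values chosen for illustration. Only WEBSERV, Bob, and port 80 come from the page.

```text
; --- TCPIP.PROFILE fragment (added example; SYSA, TCPIP, WEBPORT, APPPORTS are assumed) ---
; A ";" starts a comment in the TCP/IP profile.
PORT
   80   TCP *        SAF WEBPORT   ; any job name may attempt the bind; the SAF
                                   ; check on the user ID decides who succeeds
   443  TCP WEB*     SAF WEBPORT   ; partial wildcard job name AND the SAF check
   21   TCP FTPD1                  ; reserved for job FTPD1 only, no SAF check
   1025 TCP RESERVED               ; no application may bind to this port
PORTRANGE 4000 100 TCP * SAF APPPORTS   ; ports 4000-4099, SAF-controlled

; --- RACF commands (entered from TSO) for system SYSA, stack TCPIP ---
; Resource name format: EZB.PORTACCESS.sysname.stackname.port_safname
; The SERVAUTH class must be active and RACLISTed for these checks to apply:
SETROPTS CLASSACT(SERVAUTH) RACLIST(SERVAUTH)

; Port 80 and 443: default no access, WEBSERV gets READ.
; Bob has no PERMIT and UACC is NONE, so Bob's bind to port 80 fails.
RDEFINE SERVAUTH EZB.PORTACCESS.SYSA.TCPIP.WEBPORT UACC(NONE)
PERMIT EZB.PORTACCESS.SYSA.TCPIP.WEBPORT CLASS(SERVAUTH) ID(WEBSERV) ACCESS(READ)

; Ports 4000-4099: grant READ to a group rather than to individual user IDs.
RDEFINE SERVAUTH EZB.PORTACCESS.SYSA.TCPIP.APPPORTS UACC(NONE)
PERMIT EZB.PORTACCESS.SYSA.TCPIP.APPPORTS CLASS(SERVAUTH) ID(APPGRP) ACCESS(READ)

; New or changed SERVAUTH profiles take effect only after a refresh.
SETROPTS RACLIST(SERVAUTH) REFRESH

; Verify who holds access before relying on the control.
RLIST SERVAUTH EZB.PORTACCESS.SYSA.TCPIP.WEBPORT AUTHUSER
```

Two points are worth checking in practice. First, with a wildcard job name (*) on a SAF-protected port, the job name no longer restricts anything; the READ permission on the EZB.PORTACCESS profile is the only gate, so keep UACC(NONE) and audit the access list with RLIST ... AUTHUSER. Second, the job name and the SAF check are both applied when both are specified (port 443 above), so an application must match WEB* and run under a user ID with READ access; a mismatch on either one causes the bind to fail.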