User control of Ephemeral Port Ranges

z/OS® V2R1 Communications Server provides new TCP/IP profile configuration options that allow you to specify the ephemeral port range for use by TCP sockets, UDP sockets, or both. Previously, ephemeral ports were assigned from the range 1024 - 65535. To facilitate port controls on firewalls, you can specify a subset of the 1024 - 65535 range for use as ephemeral ports.

Restriction: You cannot expand the range of ephemeral ports to ports beyond the existing 1024 - 65535 range.

Specifying an ephemeral port range

To specify an ephemeral port range for use by TCP or UDP sockets, perform the appropriate tasks in Table 1.

Table 1. User control of Ephemeral Port Ranges
Task	Reference
Understand the interactions of the methods of TCP and UDP socket port restriction.	See the parameters INADDRANYPORT and INADDRANYCOUNT of BPXPRMxx in z/OS MVS Initialization and Tuning Reference See the following topics in z/OS Communications Server: IP Configuration Reference: GLOBALCONFIG statement PORT statement PORTRANGE statement TCPCONFIG statement UDPCONFIG statement VIPADYNAMIC – VIPADISTRIBUTE statement
Restrict the range of ports to be used as ephemeral ports for TCP sockets.	TCPCONFIG statement in z/OS Communications Server: IP Configuration Reference
Restrict the range of ports to be used as ephemeral ports for UDP sockets.	UDPCONFIG statement in z/OS Communications Server: IP Configuration Reference
Display the ranges of ports to be used as ephemeral ports for TCP and UDP sockets.	Netstat CONFIG/-f report in z/OS Communications Server: IP System Administrator's Commands
Determine whether the ranges of ports to be used as ephemeral ports for TCP and UDP sockets are sufficient for your application needs.	Netstat STATS/-S report in z/OS Communications Server: IP System Administrator's Commands