Temporarily blocking specific IP addresses if the queue manager is not running

You might want to block particular IP addresses, or ranges of addresses, when the queue manager is not running and you cannot therefore issue MQSC commands. You can temporarily block IP addresses on an exceptional basis by modifying the blockaddr.ini file.

About this task

The blockaddr.ini file contains a copy of the BLOCKADDR definitions that are used by the queue manager. This file is read by the listener if the listener is started before the queue manager. In these circumstances, the listener uses any values that you have manually added to the blockaddr.ini file.

However, be aware that when the queue manager is started, it writes the set of BLOCKADDR definitions to the blockaddr.ini file, overwriting any manual edits you might have made. Similarly, every time you add or delete a BLOCKADDR definition by using the SET CHLAUTH command, the blockaddr.ini file is updated. You can therefore make permanent changes to the BLOCKADDR definitions only by using the SET CHLAUTH command when the queue manager is running.

Procedure

  1. Open the blockaddr.ini file in a text editor.
    The file is located in the data directory of the queue manager.
  2. Add IP addresses as simple keyword-value pairs, where the keyword is Addr.
    For information about filtering IP addresses with patterns, see Generic IP addresses.
    For example:
    
    Addr = 192.0.2.0
    Addr = 192.0.*
    Addr = 192.0.2.1-8
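
Because manual edits are overwritten when the queue manager starts, a temporary block must be re-entered with SET CHLAUTH to make it permanent. The following script is an added example, not part of the product documentation: it reads the Addr entries from a copy of blockaddr.ini and prints the equivalent MQSC command. The function name blockaddr_to_mqsc and the sample file are assumptions made for illustration, and the script assumes the file holds only Addr keyword-value pairs as described above.

```shell
#!/bin/sh
# Added example: convert manual Addr entries from blockaddr.ini into one
# SET CHLAUTH command, so the block survives the next queue manager start.

blockaddr_to_mqsc() {
    ini=$1      # path to a blockaddr.ini file
    list=""
    while IFS= read -r line || [ -n "$line" ]; do
        # Extract the value of an "Addr = value" line; other lines give "".
        value=$(printf '%s\n' "$line" | sed -n \
            's/^[[:space:]]*Addr[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p')
        [ -n "$value" ] || continue
        # Accept only characters used in generic IP addresses (digits, hex,
        # '.', ':', '*', '-'), so a stray quote cannot alter the MQSC text.
        case $value in
            *[!0-9A-Fa-f.:*-]*)
                printf 'skipped invalid Addr value: %s\n' "$value" >&2
                continue ;;
        esac
        list="${list:+$list,}'$value'"
    done < "$ini"
    [ -n "$list" ] || return 1   # nothing usable found
    printf "SET CHLAUTH('*') TYPE(BLOCKADDR) ADDRLIST(%s) ACTION(ADD)\n" "$list"
}

# Constructed sample file: the three entries shown above plus one malformed line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Addr = 192.0.2.0
Addr = 192.0.*
Addr = 192.0.2.1-8
Addr = bad'value
EOF
blockaddr_to_mqsc "$sample"
rm -f "$sample"
```

Save a copy of the edited blockaddr.ini before starting the queue manager, then pipe the script output to runmqsc for that queue manager once it is running.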