MODIFY command: Defense Manager daemon

Use the MODIFY command to control the Defense Manager (DM) functions from the operator console.

Format

Read syntax diagramSkip visual syntax diagram
|--+-MODIFY-+--procname,DISPLAY---------------------------------|
   '-F------'                     

|--+-MODIFY-+--procname,REFRESH--+--------------------+---------|
   '-F------'                    +-,FILE='filename'---+   
                                 '-,FILE=//'filename'-'   

|--+-MODIFY-+--procname,FORCE_INACTIVE,stackname----------------|
   '-F------'                                      

Parameters

procname
The member name of the cataloged procedure that is used to start the Defense Manager daemon (DMD).
DISPLAY
Displays configuration values that are currently being used by the DMD.
REFRESH
Indicates that the DMD configuration file should be reread. The file is treated as a complete replacement, so it must contain all necessary DMD configuration information. You cannot update all DMD parameters using this command. See the description for the parameters in the configuration file to find out which ones can be dynamically changed. You must include parameters that cannot be dynamically changed in the REFRESH configuration file if the daemon was started with a value for the parameter that was not the default value. See the Defense Manager daemon information in the z/OS Communications Server: IP Configuration Reference.
FILE
Indicates the name and location of the DMD configuration file that is to be read. The file is treated as a complete replacement so it must contain all necessary DMD configuration information. The file name must be a fully qualified z/OS® UNIX file name or MVS™ data set name. A z/OS UNIX file name must be enclosed by single quotation marks ('). MVS data set names must begin with two forward slashes (//) and the data set name must be enclosed by single quotation marks ('). This option is valid only when specified with REFRESH.
FORCE_INACTIVE ,stackname
Forces the TCP/IP stack named stackname to become inactive with respect to defensive filters. All defensive filters for the stack are removed from DMD persistent memory and also from the stack itself. No additional defensive filters are added to the stack while it is in inactive mode. The stack does not have to be configured in the DMD configuration file in order for the FORCE_INACTIVE option to operate. If the stack is active and IP security is enabled, then any defensive filters in the stack are removed regardless of the DMD configuration status of the stack. Changes to the mode of the stack persist until the next time the MODIFY procname,REFRESH command is successfully issued. See the Defense Manager daemon information in the z/OS Communications Server: IP Configuration Reference.

Examples

The following example displays the command and current configuration values.

f dmd,display
EZD1733I DISPLAY DMD CONFIGURATION
Defense Manager Configuration Settings
  SyslogLevel              = 7
  DefensiveFilterDirectory = /var/dm/filters
  DM Config for TCP/IP stack TCPCS
    Mode            = Simulate
    MaxLifetime     = 1440
    DefaultLogLimit = 100
    Exclude         192.168.1.3
    Exclude         192.168.1.10

The following example is the command and output used to forcibly deactivate a stack with respect to the Defense Manager daemon (DMD).

F DMD,FORCE_INACTIVE,TCPCS
EZD1643I THE DEFENSIVE FILTER MODE FOR STACK TCPCS WAS SUCCESSFULLY
        FORCED TO INACTIVE
Parent topic: MODIFY command