Restricting Endpoints
You can restrict the assignment of endpoints (ports) for DCE servers and clients to a specific set. This is useful if your environment has non-DCE applications that are designed to use
certain endpoints, and you do not want to be concerned about DCE servers or clients monopolizing them.
The facility is activated by setting the RPC_RESTRICTED_PORTS environment variable with the list of endpoints to which dynamic assignment should be restricted before starting a client or
server application. RPC_RESTRICTED_PORTS governs only the dynamic assignment of server ports by the RPC runtime. It does not affect well-known endpoints.
The following example restricts servers to using TCP/IP endpoints ranging from 5000 to 5110, and 5500 to 5521. It restricts UDP/IP endpoints to the range of 6500 to 7000.
% set RPC_RESTRICTED_PORTS ncacn_ip_tcp[5000-5110,5500-5521]:ncadg_ip_udp[6500-7000]
To use RPC_RESTRICTED_PORTS for DCE servers such as CDS, set the environment variable each time before starting your cell.
Note that this facility does not add any security to RPC and is not intended as a security feature. It merely facilitates configuring a network "firewall" to allow incoming calls to DCE servers.
|