This exit will turn your VTAM into a firewall which will allow or reject sessions being setup. All session related info must be defined in a separate RACF class.
Simply assemble and link the ISTEXCAA exit into your VTAM loadlibray.
Add the F1REWALL class to the RACF class descriptor table (ICHRRCDE)
Add the F1REWALL class to the SAF router (ICHRFR01)
Re-IPL your system (Yes, unfortunately this is still required to add RACF classes)
The best way to start using the F1REWALL is to first activate the F1REWALL class (SETR CLASSACT(F1REWALL) GENERIC(F1REWALL) GENCMD(F1REWALL) RACLIST(F1REWALL)
In order to tell VTAM to re-initialize the exit, issue MODIFY NET,EXIT,ID=ISTEXCAA,OPTION=REPL (This is only nessesary when activating/deactivating the F1REWALL class. The exit will RACLIST the profiles upon initialization)
The exit will now issue messages indicating that sessions are being 'allowed' this means that there are no suitable profiles found to either grant or reject session setup.
Once a profile exists, and the sessions are allowed, the messages will disappear. Rejected sessions will always generate a message.
The basic profile format is:
primnet.plu.secnet.slu
primnet.plu.secnet.slu.initnet.iluis checked and if this profile exists and access is granted, then session setup will be allowed.
Sourcecode is distributed in distribution file istexcaa.zip (IEBUPDTE format)