We use IP filtering for DR tests where we need to keep the production world from leaking into the DR world. It works quite well and can be pretty specific. It is strictly a mainframe function.
. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office [email protected] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Burrell, C. Todd (CDC/OCOO/OCIO/ITSO) (CTR) Sent: Monday, April 11, 2016 11:58 AM To: [email protected] Subject: (External):Re: TCPIP "firewall" I think if you use the IP filtering section in this book you should be able to accomplish this: http://www.redbooks.ibm.com/redbooks/pdfs/sg247699.pdf But I would tread carefully - this looks like it could cause more damage than the good that it does. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of R.S. Sent: Monday, April 11, 2016 2:47 PM To: [email protected] Subject: TCPIP "firewall" I need to block connections coming from given IP address or whole subnetwork. It can be limited to one TCP port. For example, my z/OS has address 10.1.1.1/24 workstation I want to deny has address 10.3.1.1/24 (another subnet) I want the workstation cannot connect to 10.1.1.1 port 3000. Or cannot connect at all. As an option I want block any workstation from 10.3.1.nn network. Answering obvious question: No, I cannot do it on the network router, because I don't manage network. I can manage my /zOS configuration. Not to mention responsiveness. Any clue? -- Radoslaw Skorupka Lodz, Poland ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
