I think you can specify INBOUND/OUTBOUND or both. On Mon, Apr 11, 2016 at 3:37 PM, Jousma, David <[email protected]> wrote:
> Can it be used for just the opposite? I.e. the DR world from leaking into > production? This has been an ongoing discussion for us over the years. > We have to disable "stuff" like MQ connections, FTP, Connect Direct, etc > > _________________________________________________________________ > Dave Jousma > Assistant Vice President, Mainframe Engineering > [email protected] > 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H > p 616.653.8429 > f 616.653.2717 > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Jesse 1 Robinson > Sent: Monday, April 11, 2016 3:33 PM > To: [email protected] > Subject: Re: TCPIP "firewall" > > We use IP filtering for DR tests where we need to keep the production > world from leaking into the DR world. It works quite well and can be pretty > specific. It is strictly a mainframe function. > > . > . > . > J.O.Skip Robinson > Southern California Edison Company > Electric Dragon Team Paddler > SHARE MVS Program Co-Manager > 323-715-0595 Mobile > 626-302-7535 Office > [email protected] > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Burrell, C. Todd (CDC/OCOO/OCIO/ITSO) (CTR) > Sent: Monday, April 11, 2016 11:58 AM > To: [email protected] > Subject: (External):Re: TCPIP "firewall" > > I think if you use the IP filtering section in this book you should be > able to accomplish this: > > http://www.redbooks.ibm.com/redbooks/pdfs/sg247699.pdf > > But I would tread carefully - this looks like it could cause more damage > than the good that it does. > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of R.S. > Sent: Monday, April 11, 2016 2:47 PM > To: [email protected] > Subject: TCPIP "firewall" > > I need to block connections coming from given IP address or whole > subnetwork. It can be limited to one TCP port. > > For example, my z/OS has address 10.1.1.1/24 workstation I want to deny > has address 10.3.1.1/24 (another subnet) I want the workstation cannot > connect to 10.1.1.1 port 3000. Or cannot connect at all. > As an option I want block any workstation from 10.3.1.nn network. > > Answering obvious question: No, I cannot do it on the network router, > because I don't manage network. I can manage my /zOS configuration. Not to > mention responsiveness. > > Any clue? > > -- > Radoslaw Skorupka > Lodz, Poland > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > This e-mail transmission contains information that is confidential and may > be privileged. It is intended only for the addressee(s) named above. If > you receive this e-mail in error, please do not read, copy or disseminate > it in any manner. If you are not the intended recipient, any disclosure, > copying, distribution or use of the contents of this information is > prohibited. Please reply to the message immediately by informing the sender > that the message was misdirected. After replying, please erase it from your > computer system. Your assistance in correcting this error is appreciated. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- “Live as if you were to die tomorrow. Learn as if you were to live forever.” – Mahatma Gandhi ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
