As we lurch forward with our pilot project, our network security people
would like to install a firewall as a Linux image on the mainframe to
keep the various Linux guests from beating on each other, because in the
real world, there are firewalls in place (more or less) to keep "real"
Linux images from beating on each other.

Our "real" firewalls run one of the offerings from Checkpoint, but they
don't seem to have ported anything to Linux on the mainframe (or else
their web pages aren't up to date about that). A neighboring Linux S/390
site has talked in general terms about iptables being robust enough for
their needs. I remember a SHARE talk on porting an application to Linux
on the mainframe where the application was a firewall, but I can't find
a handout from that session.

So, are there commonly used alternatives to iptables for firewalls on
the mainframe? Is iptables commonly used, for that matter, or are most
of you relying upon external firewalls for any firewall needs you have?

Related question: are there practical limits to how many point-to-point
connections a Linux image can manage?

Thanks,
Nick
