Nick,

As Chris pointed out, the product was Stonegate. I want to add to Adam's reply a little. If you anticipate a _lot_ of network traffic, and perhaps a complex iptables ruleset, then running the firewall on the mainframe would likely be a bad idea. Firewalls get very CPU intensive under high traffic, much to my own disappointment.

I would also echo Adam's sentiment about keeping the number of point-to-point links per guest small. It becomes a management nightmare more than anything. From your question, I'm assuming you're not up to z/VM 4.3 then?

Mark Post

-----Original Message-----
From: Nick Laflamme [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 15, 2004 3:18 PM
To: [EMAIL PROTECTED]
Subject: Firewalls?

As we lurch forward with our pilot project, our network security people would like to install a firewall as a Linux image on the mainframe to keep the various Linux guests from beating on each other, because in the real world, there are firewalls in place (more or less) to keep "real" Linux images from beating on each other.

Our "real" firewalls run one of the offerings from Checkpoint, but they don't seem to have ported anything to Linux on the mainframe (or else their web pages aren't up to date about that). A neighboring Linux S/390 site has talked in general terms about iptables being robust enough for their needs. I remember a SHARE talk on porting an application to Linux on the mainframe where the application was a firewall, but I can't find a handout from that session.

So, are there commonly used alternatives to iptables for firewalls on the mainframe? Is iptables commonly used, for that matter, or are most of you relying upon external firewalls for any firewall needs you have?

Related question: are there practical limits to how many point-to-point connections a Linux image can manage?

Thanks,
Nick
