On Iau, 2004-01-15 at 20:18, Nick Laflamme wrote:
> their web pages aren't up to date about that). A neighboring Linux S/390
> site has talked in general terms about iptables being robust enough for
> their needs. I remember a SHARE talk on porting an application to Linux
> on the mainframe where the application was a firewall, but I can't find
> a handout from that session.

The netfilter functionality is certainly robust enough.

> Related question: are there practical limits to how many point-to-point
> connections a Linux image can manage?

Only at the S/390 level I suspect. You also don't need separate firewall
images. Unlike checkpoint, the Linux firewall code can run on the same
image, and that isn't a bad idea if the box is only supposed to be
offering specific services to specific people.

Tools like lokkit will write you a generic "only allow ssh" ruleset, but
you might want to use firestarter or do them by hand for more complex
stuff like "db2 access only from box A B and C"

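A hand-written ruleset of the kind the reply describes ("only allow ssh" plus "db2 access only from box A B and C"), as an added example that is not part of the original post. The three client addresses are constructed documentation addresses and TCP port 50000 for DB2 is an assumption; adjust both to the site.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that allows ssh from anywhere
# and DB2 only from named hosts. Addresses and port are constructed assumptions.

DB2_PORT=50000                                  # assumption: DB2 TCP listener port
DB2_CLIENTS="192.0.2.10 192.0.2.11 192.0.2.12"  # constructed: "box A, B and C"

# Accept only dotted-quad IPv4 with octets 0-255, so a typo cannot turn into
# a hostname lookup or an unintended match when the rules are loaded.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset on stdout. Every client is validated before any rule is
# written, so a bad entry yields no partial ruleset.
gen_ruleset() {
    for src in $DB2_CLIENTS; do
        valid_ipv4 "$src" || { echo "bad client address: $src" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default deny for inbound traffic
    echo ":FORWARD DROP [0:0]"     # this image is a host, not a router
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    for src in $DB2_CLIENTS; do
        echo "-A INPUT -p tcp -s $src --dport $DB2_PORT -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

gen_ruleset
```

Piping the output to `iptables-restore --test` parses the ruleset without loading it, which is a useful check before applying it on a remote image.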