Can it be used for just the opposite? I.e. the DR world from leaking into production? This has been an ongoing discussion for us over the years. We have to disable "stuff" like MQ connections, FTP, Connect Direct, etc
_________________________________________________________________ Dave Jousma Assistant Vice President, Mainframe Engineering [email protected] 1830 East Paris, Grand Rapids, MIĀ 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jesse 1 Robinson Sent: Monday, April 11, 2016 3:33 PM To: [email protected] Subject: Re: TCPIP "firewall" We use IP filtering for DR tests where we need to keep the production world from leaking into the DR world. It works quite well and can be pretty specific. It is strictly a mainframe function. . . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office [email protected] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Burrell, C. Todd (CDC/OCOO/OCIO/ITSO) (CTR) Sent: Monday, April 11, 2016 11:58 AM To: [email protected] Subject: (External):Re: TCPIP "firewall" I think if you use the IP filtering section in this book you should be able to accomplish this: http://www.redbooks.ibm.com/redbooks/pdfs/sg247699.pdf But I would tread carefully - this looks like it could cause more damage than the good that it does. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of R.S. Sent: Monday, April 11, 2016 2:47 PM To: [email protected] Subject: TCPIP "firewall" I need to block connections coming from given IP address or whole subnetwork. It can be limited to one TCP port. For example, my z/OS has address 10.1.1.1/24 workstation I want to deny has address 10.3.1.1/24 (another subnet) I want the workstation cannot connect to 10.1.1.1 port 3000. Or cannot connect at all. As an option I want block any workstation from 10.3.1.nn network. Answering obvious question: No, I cannot do it on the network router, because I don't manage network. I can manage my /zOS configuration. Not to mention responsiveness. Any clue? -- Radoslaw Skorupka Lodz, Poland ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
