This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
This capability already exists with IP Defensive Filters. Recreating this capability on another command is not cost justified.
Any update on this feature you can do for us and also to other company who are not financially big using the mainframe.
regards Jose Isidro
Defensive filtering we cannot use. We are small company and use third party to block our security. In our mainframe, we do not have crypto, ssl/tls, ipsecurity on. We are a small shop and concern with budget and MSU. This is a steel company and we are not like the bigger financial or airline company. We would like a command in tcpip that can do this without any additional cost of what we have in our CEC hardware. We will be moving from z11 to z14. The same we will be doing of no security. IDS3270 is a great feature and we tested to stop the intrusion. We also used automation to highlight the ist2424 messages to the console. regards Jose Isidro
A command to block ippaddress and also issue a open. This prevent the unwanted ipaddress from entering your mainframe network. like a vary tcipip, stop and start command but do a vary tcpip, block and open command. On IDS3270 we will see excessive ist2424i messages saying the intrusion of the the content of the ipaddress and we want to block it. Also, command to open, when we inadvertently block the address. regards Jose Isidro
A command to block ippaddress and also issue a open. This prevent the unwanted ipaddress from entering your mainframe network. like a vary tcipip, stop and start command but do a vary tcpip, block and open command. On IDS3270 we will see excessive ist2424i messages saying the intrusion of the the content of the ipaddress and we want to block it. Also, command to open, when we inadvertently block the address. regards Jose Isidro
This capability already exists through the use of Defensive Filters. See the following section in the IP Config Guide:
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.halz002/dmd.htm#dmd
Defensive filters can be dynamically installed to block traffic from a remote IP address to a specific port or to all ports. These filters can be installed using the IPSEC -F option. For more details:
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.halu101/deffiltopt.htm#deffiltopt
Note, these defensive filters are not persistent, you get to specify the amount of time they are in effect for (up to 2 weeks). The idea is that if you want them to persist indefinitely you would implement them as IP filters in your policy. Does this meet your needs?