Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Workspace z/OS
Created by Guest
Created on May 21, 2018

TCPIP command to terminate IPADDRESS

A command in tcpip to terminate or stop a ipaddress. We can do a drop on a connid or port. Want to have more granualar to terminate or stop a ipaddress from coming inbound to the mainframe. Lets say a illegal intrusion from IDS3270 will show ipaddress of the intrustion. If we can have a TCPIP command to stop or terminate it from coming in.

Idea priority High
  • Guest
    Reply
    |
    Oct 30, 2018

    This capability already exists with IP Defensive Filters. Recreating this capability on another command is not cost justified.

  • Guest
    Reply
    |
    Jun 13, 2018

    Any update on this feature you can do for us and also to other company who are not financially big using the mainframe.
    regards Jose Isidro

  • Guest
    Reply
    |
    Jun 8, 2018

    Defensive filtering we cannot use. We are small company and use third party to block our security. In our mainframe, we do not have crypto, ssl/tls, ipsecurity on. We are a small shop and concern with budget and MSU. This is a steel company and we are not like the bigger financial or airline company. We would like a command in tcpip that can do this without any additional cost of what we have in our CEC hardware. We will be moving from z11 to z14. The same we will be doing of no security. IDS3270 is a great feature and we tested to stop the intrusion. We also used automation to highlight the ist2424 messages to the console. regards Jose Isidro

  • Guest
    Reply
    |
    Jun 8, 2018

    A command to block ippaddress and also issue a open. This prevent the unwanted ipaddress from entering your mainframe network. like a vary tcipip, stop and start command but do a vary tcpip, block and open command. On IDS3270 we will see excessive ist2424i messages saying the intrusion of the the content of the ipaddress and we want to block it. Also, command to open, when we inadvertently block the address. regards Jose Isidro

  • Guest
    Reply
    |
    Jun 8, 2018

    A command to block ippaddress and also issue a open. This prevent the unwanted ipaddress from entering your mainframe network. like a vary tcipip, stop and start command but do a vary tcpip, block and open command. On IDS3270 we will see excessive ist2424i messages saying the intrusion of the the content of the ipaddress and we want to block it. Also, command to open, when we inadvertently block the address. regards Jose Isidro

  • Guest
    Reply
    |
    Jun 7, 2018

    This capability already exists through the use of Defensive Filters. See the following section in the IP Config Guide:
    https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.halz002/dmd.htm#dmd

    Defensive filters can be dynamically installed to block traffic from a remote IP address to a specific port or to all ports. These filters can be installed using the IPSEC -F option. For more details:
    https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.halu101/deffiltopt.htm#deffiltopt

    Note, these defensive filters are not persistent, you get to specify the amount of time they are in effect for (up to 2 weeks). The idea is that if you want them to persist indefinitely you would implement them as IP filters in your policy. Does this meet your needs?