Also int setibmopt(int cmd, struct ibm_tcpimage *bfrp); System SSL sits logically between you and the TCP stack but I believe it honors the above option.
Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Phil Smith Sent: Friday, June 10, 2016 8:19 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: System SSL and private TCP/IP stack? Allan Staller wrote: -------> Look at the POLICY AGENT (PAGENT). There are some additional low level OMVS changes needed to support multiple TCP/IP stacks. I haven't checked, but PAGENT may be able to help here. You might/might not need an additional stack. and -------> Add //SYSTCPD DD DSN=.....,FREE=CLOSE to the STC JCL. The doc for the RESOLVER and SYSTCPD is in the IP Config Reference and IP Config Guide Thanks Allan! This is perfect, gives me the breadcrumbs I need to figure this out (well, or at least to get further with it). It indeed sounds like we shouldn't need a separate stack. If I'm reading the doc right, PAGENT sounds like a software firewall/IPTABLES kind of thing, and can be set up to say "Traffic to this IP on these ports is only allowed by that job", which is exactly what our customer wants. Jeez, and it took a whole seven minutes for you to respond...! (And then several times that for me to find the bloody book on the New! and Improved! Knowledge Center, grr... There appears to be no library page with a list of books, or if there is, it's not obvious to me.) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN