The IP security function can configure the Communications Server to perform packet filtering at the IP layer for IPv4 and IPv6.
IP filters are rules defined to either discard or permit packets. IP filtering matches a filter rule to data traffic based on any combination of IP source or destination address (or masked address), protocol, source or destination port, direction of flow, or time. IP filtering can control traffic being routed, or control access at the host that has the communication endpoint. Even when an external firewall is providing filtering protection for the host, Communications Server IP filtering can provide a secondary line of defense.
Figure 1. IP filtering at the z/OS® communication endpoint
For more information about IP filtering, see IP security.