Re: [netatalk-admins] how do you restrict netatalk by ip address?


From: Steven Bonneville (bonnevil@ima.umn.edu)
Date: Tue Jul 28 1998 - 12:37:56 EDT


John Ostrowick <jon@cs.wits.ac.za> wrote:

> I don't know the answer to this but I would like a neat utility to get the
> IP address of the Mac that's running the afpd, so I can tell which Mac the
> particular user is logged in from :-)
>
[...]
>
> On Tue, 28 Jul 1998 nielsen@www.tcu-inc.com wrote:
>
> > Is there any easy way to restrict netatalk according to the IP address?
> > I was trying to use ipfwadm to block a port, but I couldn't specify the
> > protocol (which happens to be ddp) because it said it was unrecognized.

Who says the Mac even *has* an IP address? As Tony Stuckey pointed out,
DDP is not an IP protocol. Look at the README file that comes with the
source to see a diagram of the network stack. DDP and IP both sit on
top of the Ethernet layer.

As far as DDP is concerned, the Mac's network address is the one reported
by nbplkup. Remember, you don't need to have TCP/IP configured on a Mac
to use the Chooser; only AppleTalk needs to be configured and active.

The ipfwadm utility is for IP firewall administration. It filters IP
packets. Right now, you can specify rules for all IP packets, or by
protocol for the TCP, UDP, and ICMP protocols only. I understand that
eventually ipfwadm will be written to allow filtering of arbitrary IP
protocols besides those three (like EGP, for instance). But as I
understand it, it doesn't affect DDP packets.

  -- Steve Bonneville
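
The layering described in the message above, as an added example that is not part of the original post: a frame classifier showing that AppleTalk DDP and IP are distinguished at the Ethernet layer, so a filter that only receives IP packets is never handed DDP traffic. The EtherType and SNAP values are the standard assignments; the MAC addresses and payloads are constructed sample data.

```python
import struct

# Standard EtherType assignments (also used as the SNAP protocol ID).
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP",
              0x809B: "AppleTalk DDP", 0x80F3: "AARP"}
SNAP_LLC = b"\xaa\xaa\x03"  # 802.2 LLC: DSAP, SSAP, control announcing SNAP


def classify_frame(frame: bytes) -> str:
    """Name the network-layer protocol carried by one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:
        # Ethernet II framing: the field is an EtherType (EtherTalk Phase 1).
        return ETHERTYPES.get(type_or_len, f"unknown 0x{type_or_len:04x}")
    # IEEE 802.3 framing: the field is a length; EtherTalk Phase 2 follows
    # it with LLC/SNAP. The SNAP OUI is ignored here for brevity.
    body = frame[14:14 + type_or_len]
    if len(body) < 8 or body[:3] != SNAP_LLC:
        return "802.3 non-SNAP"
    (proto,) = struct.unpack("!H", body[6:8])
    return ETHERTYPES.get(proto, f"unknown SNAP 0x{proto:04x}")


def seen_by_ip_filter(frame: bytes) -> bool:
    """True only for frames whose payload reaches the IP stack's filter."""
    return classify_frame(frame) == "IPv4"


# Constructed sample frames (hypothetical MACs, dummy payloads).
DST, SRC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")


def eth2(ethertype: int, payload: bytes) -> bytes:
    return DST + SRC + struct.pack("!H", ethertype) + payload


def snap(oui: bytes, proto: int, payload: bytes) -> bytes:
    body = SNAP_LLC + oui + struct.pack("!H", proto) + payload
    return DST + SRC + struct.pack("!H", len(body)) + body


SAMPLES = {
    "ipv4": eth2(0x0800, b"\x45" + b"\x00" * 19),
    "ddp_phase1": eth2(0x809B, b"\x00" * 13),
    "ddp_phase2": snap(bytes.fromhex("080007"), 0x809B, b"\x00" * 13),
    "aarp_phase2": snap(bytes.fromhex("000000"), 0x80F3, b"\x00" * 28),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:12} {classify_frame(frame):14} "
              f"ip_filter={seen_by_ip_filter(frame)}")
```
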


