Re: [netatalk-admins] how do you restrict netatalk by ip address?


From: Osma Ahvenlampi (oa@spray.fi)
Date: Wed Jul 29 1998 - 04:13:10 EDT


nielsen@www.tcu-inc.com writes:
> Is there any easy way to restrict netatalk according to the IP address?
> I was trying to use ipfwadm to block a port, but I couldn't specify the
> protocol (which happens to be ddp) because it said it was unrecognized.

DDP (AppleTalk) isn't IP, so it doesn't use IP addresses, either. It
uses AppleTalk zone:node addressing, and IP firewalls or TCP wrappers
will not affect it.

However, Netatalk+asun and recent MacOS versions support
AppleShare/IP, which is the afpd filing protocol over TCP/IP. Besides
being faster, it will allow you to restrict access using IP
firewalling or TCP wrappers. Of course, unless you modify Netatalk,
afpd will still work over DDP as well. You can't disable the entire
DDP protocol support in the kernel because not only would netatalk
refuse to work (without modifications), but the MacOS Chooser depends
on it as well.

-- 
For a holy stint, a moth of the cloth gave up his woolens for lint. 
Osma Ahvenlampi <oa@spray.fi>


