Subject: Re: Help for a newbie
From: Matthew Temple (Matthew_Temple@dfci.harvard.edu)
Date: Wed Sep 20 2000 - 16:07:11 EDT
All,
I believe that the tcp_wrapper support available through
inetd is specifically for services that don't know anything about
libwrap and so must call tcpd for this kind of handling. Doesn't
netatalk use libwrap calls to call the library directly so that
the /etc/hosts.allow file is what's really used as a basis?
mht
Steve Freitas wrote:
>
> >I am not well acquainted with tcp wrappers, but doesn't tcp wrappers
> >only apply if you are starting afpd from /etc/inetd.conf, and not the
> >SysV-style /etc/rc.d/init.d/atalk script? On the other hand, if you use
> >ipchains to block the port, then it shouldn't matter how you start the
> >server, because then the firewalling is done at a lower level in the
> >kernel.
>
> I bow to your grater knowledge. :-) Ipchains is it.
>
> > Beyond that, it seems to me that both the ipchains and tcp wrappers
> >solutions would block *all* access, or none; neither could be used to
> >limit it to guest access. What Colin was asking for is access control
> >based on both IP and user ID.
>
> My impression was that he was asking to exclude a range of IPs
> completely. Colin, can you sort this out? :-)
>
> Steve
-- ============================================================= Matthew Temple Tel: 617/632-2597 Director, Research Computing Fax: 617/632-4012 Dana-Farber Cancer Institute 44 Binney Street, Smith 345 Matthew_Temple@dfci.harvard.edu Boston, MA 02115 IMAP LIVES! =============================================================
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:32:12 EST