Date:      Thu, 13 Jan 2000 14:49:46 +0000
From:      David Malone <dwmalone@maths.tcd.ie>
To:        Brad Knowles <blk@skynet.be>
Cc:        Gawel <gawel@sim.com.pl>, "freebsd-stable@FreeBSD.ORG" <freebsd-stable@FreeBSD.ORG>
Subject:   Re: portmap
Message-ID:  <20000113144946.A84064@walton.maths.tcd.ie>
In-Reply-To: <v0422080bb4a3701b5982@[195.238.1.121]>; from blk@skynet.be on Thu, Jan 13, 2000 at 01:07:54PM +0100
References:  <387DB3BB.8D85E624@sim.com.pl> <v0422080bb4a3701b5982@[195.238.1.121]>

On Thu, Jan 13, 2000 at 01:07:54PM +0100, Brad Knowles wrote:

> 	My understanding is that portmap uses UDP, which TCP-Wrappers 
> doesn't protect.

tcpd has no problem protecting the first connection to UDP applications
run from inetd. TCP wait services are a problem though. Programs which
use libwrap directly don't have this restriction.

> 	You can get an improved version of portmap that makes explicit 
> use of wraplib (I'd suggest starting with Wietse Venema's version). 
> I'd go to <ftp://ftp.porcupine.org/> and start from there.

FreeBSD's portmapper uses libwrap and so should have all the access
controls Wietse's version has. (In fact, I think it uses his code).

In response to the original poster's problem of not wanting to see the
log messages when connections are denied, one option would be to use
the "severity" option in hosts.allow to log the messages at a different
level/facility.

> 	Or you can make use of kernel-level firewalling to prevent anyone 
> from successfully getting packets through to a particular port on 
> your machine, unless you want to let them through.  Look at "man 
> ipfw" for starters.

This is probably a more general solution to unwanted connections though.

	David.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
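
The `severity` suggestion in the message above, sketched as an added example (not part of the original e-mail or of FreeBSD's shipped files). The network 192.0.2.0/24, the local5 facility and the log file path are constructed placeholders, and it assumes portmap logs its refusals at the severity that libwrap sets for the matching rule.

```conf
# ---- /etc/hosts.allow (constructed example, hosts_options(5) syntax) ----
# First matching rule wins, so the specific allow goes before the catch-all.

# Clients that may talk to the portmapper (placeholder network).
portmap : 192.0.2.0/255.255.255.0 : allow

# Everyone else is refused. "severity" changes the syslog facility.level
# used for this rule, so the refusal is still recorded but no longer
# lands where the default-severity messages go.
portmap : ALL : severity local5.debug : deny

# ---- /etc/syslog.conf (constructed example) ----
# Collect the re-routed refusals in their own file (placeholder path).
# Create the file first and signal syslogd to re-read its configuration.
local5.debug					/var/log/portmap-denied.log
```

Keeping the refusals in a separate file rather than discarding them preserves the record of who probed the portmapper while taking the noise out of the main log.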



