From owner-freebsd-security Fri Feb 9 13:30:53 2001 Delivered-To: freebsd-security@freebsd.org Received: from orhi.sarenet.es (orhi.sarenet.es [192.148.167.5]) by hub.freebsd.org (Postfix) with ESMTP id 8A1C637B6A0 for ; Fri, 9 Feb 2001 13:30:36 -0800 (PST) Received: from sarenet.es (sollube.sarenet.es [192.148.167.16]) by orhi.sarenet.es (Postfix) with SMTP id 866E44996 for ; Fri, 9 Feb 2001 22:30:30 +0100 (MET) Received: from sarenet.es ([192.148.167.77]) by sarenet.es ; Fri, 09 Feb 2001 22:30:27 +0100 Message-ID: <3A846179.DE6CD5AA@sarenet.es> Date: Fri, 09 Feb 2001 22:30:33 +0100 From: Borja Marcos X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: nfsd support for tcp_wrapper -> General RPC solution References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Gerald Pfeifer wrote: > > The trick is to use the portmapper with TCP Wrapper with a slight > > twist. You keep a set of firewall (ipfw or ipfilter) rules in a file, > > and whenever portmap receives the RPC service registration from the > > daemon, it "runs" the ipfw or ipfilter configuration > > script passing it the port number where the service has registered. > > This sounds like a *very* interesting idea. Unfortunately, we cannot > offer money, else we'd even try to fund you doing that implementation, > but I think a lot of people would benefit. I don't want money! I have a job, and I want to contribute something to my preferred operating system, which is making my life easier in my job. It is only a matter of finding some spare time ;-) Borja. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message