Date: Tue, 30 Jan 2001 17:26:18 -0800 From: Alfred Perlstein <bright@wintelcom.net> To: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at> Cc: freebsd-security@FreeBSD.ORG, admin@dbai.tuwien.ac.at Subject: Re: nfsd lacks support for tcp_wrapper Message-ID: <20010130172618.Y26076@fw.wintelcom.net> In-Reply-To: <Pine.BSF.4.32.0101302048060.89689-100000@taygeta.dbai.tuwien.ac.at>; from pfeifer@dbai.tuwien.ac.at on Wed, Jan 31, 2001 at 02:10:19AM %2B0100 References: <Pine.BSF.4.32.0101302048060.89689-100000@taygeta.dbai.tuwien.ac.at>
next in thread | previous in thread | raw e-mail | index | archive | help
* Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at> [010130 17:10] wrote: > Unless we completely missed something, nfsd does lack support for > tcp_wrapper, doesn't it? > > As NFS is a rather critical security-wize this seems like a big omission. > > (Many sites, like ours, just cannot avoid using NFS, so it would be nice > to be able to easily restrict the address range clients are allowed to > connect from.) > > Or are we just missing something? Missing the fact that nfsd is an in-kernel process and therefore pretty hard to link against libwrap. Otherwise... i dunno, use ipfw? :) -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010130172618.Y26076>