From owner-freebsd-current  Fri Mar  5  9:12: 5 1999
Delivered-To: freebsd-current@freebsd.org
Received: from vrfy.ehlo.com (HSE-TOR-ppp21551.sympatico.ca [209.226.66.109])
	by hub.freebsd.org (Postfix) with ESMTP id 24AC115188
	for <freebsd-current@freebsd.org>; Fri,  5 Mar 1999 09:11:52 -0800 (PST)
	(envelope-from james@ehlo.com)
Received: from james by vrfy.ehlo.com with local (Exim 2.12 #3)
	id 10Iy6X-0006v4-00
	for freebsd-current@freebsd.org; Fri, 5 Mar 1999 12:09:41 -0500
Date: Fri, 5 Mar 1999 12:09:40 -0500
From: James FitzGibbon <james@ehlo.com>
To: freebsd-current@freebsd.org
Subject: Suggested change to rc.network
Message-ID: <19990305120940.A12421@ehlo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


There is already a precedent for allowing users to use drop-in replacements
for certain network daemons by specifying the path to the daemon in rc.conf. 
Examples include the ${ntpdate_program} and ${xtnpd_program} variables that
are used in /etc/rc.network.

Wietse Venema has for some time had a replacement portmapper that uses
libwrap to control access using hosts.allow.  It doesn't protect the
daemons, but it can help disguise what RPC services you are running.

I'm suggesting to have rc.network use a ${portmap_program} variable, with a
suitable default in /etc/defaults/rc.conf of "/usr/sbin/portmap".

Any comments appreciated.

-- 
j.

James FitzGibbon                                                james@ehlo.com
EHLO Solutions                                         Voice/Fax (416)410-0100


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message