Date: Fri, 13 Nov 1998 16:24:34 -0500 (EST)
From: spork
To: "Kurt D. Zeilenga"
cc: freebsd-security@FreeBSD.ORG
Subject: Re: securelib
In-Reply-To: <3.0.5.32.19981112214317.00a03840@localhost>

On Thu, 12 Nov 1998, Kurt D. Zeilenga wrote:

(how to wrap udp question deleted)

> tcp_wrappers' -lwrap? Its API is independent of transport protocol
> and only requires adding a small tidbit of code.

For those that don't code, how much of a snippet? I found that Wietse's
portmap does compile OK, but what about the rest of the NFS suite?

I have a second, closed network for NFS, but portmap, mountd, and nfsd
want to bind to every available address, so I figure the next best thing
to do is at least limit connections to the one machine I need to talk
to... I've tried IPFW, but yech, it's nearly impossible to block all that
RPC stuff properly.

What are other folks doing in this situation? With NICs so cheap these
days, building a separate 100MB net for NFS is a nice solution, I'd just
like to do it safely...

Thanks,

Charles

> Kurt
>
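As a sense of scale for the "small tidbit of code" discussed above, here is an added example (not from this thread and not code from tcp_wrappers or the NFS daemons) of a per-datagram source check in a UDP receive path. It does not link against -lwrap: `peer_allowed()`, `recv_allowed()` and the rule string are hypothetical stand-ins, and a libwrap-based daemon would make its access decision with the library's `hosts_ctl()` lookup at the same point in the loop.

```c
/* Added example: allow UDP requests only from one peer or network.
 * peer_allowed() and recv_allowed() are hypothetical names. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if the sender lies inside rule "a.b.c.d" or "a.b.c.d/len",
 * 0 otherwise. A malformed rule matches nothing (fail closed). */
int peer_allowed(const struct sockaddr_in *from, const char *rule)
{
    char buf[INET_ADDRSTRLEN + 4];
    struct in_addr net;
    char *slash, *end;
    long bits = 32;
    uint32_t mask;

    if (strlen(rule) >= sizeof(buf))
        return 0;
    strcpy(buf, rule);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash = '\0';
        bits = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || bits < 0 || bits > 32)
            return 0;
    }
    if (inet_pton(AF_INET, buf, &net) != 1)
        return 0;
    mask = bits == 0 ? 0 : htonl(0xffffffffu << (32 - bits));
    return (from->sin_addr.s_addr & mask) == (net.s_addr & mask);
}

/* Block until a datagram from an allowed sender arrives; return its length.
 * Datagrams from anyone else are dropped unparsed and get no reply. */
ssize_t recv_allowed(int sock, const char *rule, void *pkt, size_t cap)
{
    struct sockaddr_in from;
    socklen_t len;
    ssize_t n;

    for (;;) {
        len = sizeof(from);
        n = recvfrom(sock, pkt, cap, 0, (struct sockaddr *)&from, &len);
        if (n < 0)
            return -1;
        if (from.sin_family == AF_INET && peer_allowed(&from, rule))
            return n;
    }
}
```

A check like this trusts the source address in the datagram, which UDP does not authenticate, so it complements rather than replaces keeping the NFS traffic on its own closed network.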