Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 20 Oct 1999 18:26:27 -0700
From:      "Ronald F. Guilmette" <rfg@monkeys.com>
To:        Doug Barton <Doug@gorean.org>
Cc:        Phil Homewood <philh@mincom.com>, Tony Finch <fanf@demon.net>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Stupid file system tricks. 
Message-ID:  <15356.940469187@monkeys.com>
In-Reply-To: Your message of Wed, 20 Oct 1999 17:18:45 -0700. <Pine.BSF.4.10.9910201716160.40358-100000@dt050n71.san.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

In message <Pine.BSF.4.10.9910201716160.40358-100000@dt050n71.san.rr.com>, you 
wrote:

>On Tue, 19 Oct 1999, Ronald F. Guilmette wrote:
>
>> Thanks.  That _would_ work, if I was willing to trust NFS.  But my
>> (admittedly limited) understanding of it suggests that it is too
>> much of a security risk to run NFS on anything that is connected to
>> the public Internet.
>
>	In a situation like yours you wouldn't have a security risk
>because you would only be connecting back to the local machine. With a
>little creativity you could set up the exports file so that only 127.0.0.1
>could access the shares, and then with a combination of tcp wrappers
>and/or ipfw you can restrict access to the RPC services quite effectively.
>We use a combination of inside/outside interfaces and carefully
>constructed access rules to do just such a system at work, and I do the
>same thing at home. 

You have a point.

I've been meaning to install ipfw anyway.

Since we are on the subject, where can I get either a copy of the sources
or else a pre-packaged FreeBSD package for that (ipfw)?

I was kinda surprised to find that the standard FreeBSD distribution(s)
don't seem to contain a package for that.  Why not?

Another notable absence from the FreeBSD distributions:  A pre-built
package for ssh/sshd.  What's the deal there?  Can that stuff not be
distributed with FreeBSD because it is proprietary?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15356.940469187>