Date: Wed, 20 Oct 1999 18:26:27 -0700 From: "Ronald F. Guilmette" <rfg@monkeys.com> To: Doug Barton <Doug@gorean.org> Cc: Phil Homewood <philh@mincom.com>, Tony Finch <fanf@demon.net>, freebsd-questions@FreeBSD.ORG Subject: Re: Stupid file system tricks. Message-ID: <15356.940469187@monkeys.com> In-Reply-To: Your message of Wed, 20 Oct 1999 17:18:45 -0700. <Pine.BSF.4.10.9910201716160.40358-100000@dt050n71.san.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.4.10.9910201716160.40358-100000@dt050n71.san.rr.com>, you wrote: >On Tue, 19 Oct 1999, Ronald F. Guilmette wrote: > >> Thanks. That _would_ work, if I was willing to trust NFS. But my >> (admittedly limited) understanding of it suggests that it is too >> much of a security risk to run NFS on anything that is connected to >> the public Internet. > > In a situation like yours you wouldn't have a security risk >because you would only be connecting back to the local machine. With a >little creativity you could set up the exports file so that only 127.0.0.1 >could access the shares, and then with a combination of tcp wrappers >and/or ipfw you can restrict access to the RPC services quite effectively. >We use a combination of inside/outside interfaces and carefully >constructed access rules to do just such a system at work, and I do the >same thing at home. You have a point. I've been meaning to install ipfw anyway. Since we are on the subject, where can I get either a copy of the sources or else a pre-packaged FreeBSD package for that (ipfw)? I was kinda surprised to find that the standard FreeBSD distribution(s) don't seem to contain a package for that. Why not? Another notable absence from the FreeBSD distributions: A pre-built package for ssh/sshd. What's the deal there? Can that stuff not be distributed with FreeBSD because it is proprietary? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15356.940469187>