Date: Wed, 20 Oct 1999 20:35:04 -0500 From: "Collin Kreklow" <wizkid@ticon.net> To: "Ronald F. Guilmette" <rfg@monkeys.com> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: Stupid file system tricks. Message-ID: <012701bf1b64$80cd9720$0301a8c0@rqcs.ticon.net> References: <15356.940469187@monkeys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The reason you can't find this in the ports is because it is included in the base distribution. See man ipfw for more information. Collin ----- Original Message ----- From: Ronald F. Guilmette <rfg@monkeys.com> To: Doug Barton <Doug@gorean.org> Cc: Phil Homewood <philh@mincom.com>; Tony Finch <fanf@demon.net>; <freebsd-questions@FreeBSD.ORG> Sent: Wednesday, October 20, 1999 8:26 PM Subject: Re: Stupid file system tricks. > > In message <Pine.BSF.4.10.9910201716160.40358-100000@dt050n71.san.rr.com>, you > wrote: > > >On Tue, 19 Oct 1999, Ronald F. Guilmette wrote: > > > >> Thanks. That _would_ work, if I was willing to trust NFS. But my > >> (admittedly limited) understanding of it suggests that it is too > >> much of a security risk to run NFS on anything that is connected to > >> the public Internet. > > > > In a situation like yours you wouldn't have a security risk > >because you would only be connecting back to the local machine. With a > >little creativity you could set up the exports file so that only 127.0.0.1 > >could access the shares, and then with a combination of tcp wrappers > >and/or ipfw you can restrict access to the RPC services quite effectively. > >We use a combination of inside/outside interfaces and carefully > >constructed access rules to do just such a system at work, and I do the > >same thing at home. > > You have a point. > > I've been meaning to install ipfw anyway. > > Since we are on the subject, where can I get either a copy of the sources > or else a pre-packaged FreeBSD package for that (ipfw)? > > I was kinda surprised to find that the standard FreeBSD distribution(s) > don't seem to contain a package for that. Why not? > > Another notable absence from the FreeBSD distributions: A pre-built > package for ssh/sshd. What's the deal there? Can that stuff not be > distributed with FreeBSD because it is proprietary? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?012701bf1b64$80cd9720$0301a8c0>