From owner-freebsd-questions Wed Oct 20 18:31:41 1999 Delivered-To: freebsd-questions@freebsd.org Received: from franklin.ticon.net (franklin.ticon.net [205.254.200.23]) by hub.freebsd.org (Postfix) with ESMTP id 0F0FE14CAC for ; Wed, 20 Oct 1999 18:31:32 -0700 (PDT) (envelope-from wizkid@ticon.net) Received: from europa (jvlmaxtnt-1-143.ticon.net [156.46.214.145]) by franklin.ticon.net (8.9.3/8.9.3/ticon.mc) with SMTP id UAA31273; Wed, 20 Oct 1999 20:31:04 -0500 Message-ID: <012701bf1b64$80cd9720$0301a8c0@rqcs.ticon.net> From: "Collin Kreklow" To: "Ronald F. Guilmette" Cc: References: <15356.940469187@monkeys.com> Subject: Re: Stupid file system tricks. Date: Wed, 20 Oct 1999 20:35:04 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG The reason you can't find this in the ports is because it is included in the base distribution. See man ipfw for more information. Collin ----- Original Message ----- From: Ronald F. Guilmette To: Doug Barton Cc: Phil Homewood ; Tony Finch ; Sent: Wednesday, October 20, 1999 8:26 PM Subject: Re: Stupid file system tricks. > > In message , you > wrote: > > >On Tue, 19 Oct 1999, Ronald F. Guilmette wrote: > > > >> Thanks. That _would_ work, if I was willing to trust NFS. But my > >> (admittedly limited) understanding of it suggests that it is too > >> much of a security risk to run NFS on anything that is connected to > >> the public Internet. > > > > In a situation like yours you wouldn't have a security risk > >because you would only be connecting back to the local machine. With a > >little creativity you could set up the exports file so that only 127.0.0.1 > >could access the shares, and then with a combination of tcp wrappers > >and/or ipfw you can restrict access to the RPC services quite effectively. > >We use a combination of inside/outside interfaces and carefully > >constructed access rules to do just such a system at work, and I do the > >same thing at home. > > You have a point. > > I've been meaning to install ipfw anyway. > > Since we are on the subject, where can I get either a copy of the sources > or else a pre-packaged FreeBSD package for that (ipfw)? > > I was kinda surprised to find that the standard FreeBSD distribution(s) > don't seem to contain a package for that. Why not? > > Another notable absence from the FreeBSD distributions: A pre-built > package for ssh/sshd. What's the deal there? Can that stuff not be > distributed with FreeBSD because it is proprietary? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message