SUMMARY: Packet Filtering

From: <NTarasyuk_at_snowyhydro.com.au>
Date: Tue, 17 Apr 2001 12:05:04 +1000

Original Question was:

"My task is to configure one of multiple network interfaces on Tru64, to
drop or let through packets.
I am looking for some versatile mechanism which can do it on port, services,
hosts basis.
So far I came across /etc/ifaccess.conf which doesn't seem to be able to do
it on port basis.
Man pages for packetfilter didn't give me clear information either.
For example, I would like to disable all telnet requests on specific
interface.
What is necessary to make it possible?"

Thanks to all who replied, especially James Sainsbury, Nikola Milutinovic,
Jim Smart.

The answers fell into 3 categories:

1. Use xinetd
If you can use xinetd you can specify which interface(s) any given
service will listen on.
Have a look at <http://www.xinetd.org/>
The current development version appears to be xinetd-2.1.8.9pre14
I managed to get xinetd-2.1.8.9pre11 running on Tru64-4.0d with very
little effort. (James Sainsbury)

2. TCP wrapper
If you stay with inetd then you should have or get TCP-Wrappers.
You could possibly upgrade to xinetd which has access control
similar to tcp_wrappers built-in. If man tcpd works, you have
tcp_wrappers; if not, then get it.
ftp://ftp.porcupine.org/pub/security/index.html is the link.
(Jim Smart)

3. Use screend

This suggestion is not suitable in my case, because the box is not a gateway
and doesn't forward packets.

I will consider the first two suggestions.
Though none of the solutions would provide packet filtering on an interface
basis and/or on a port basis.
Thanks again.

Nik Tarasyuk
Software Engineer
Snowy Hydro
Australia
Received on Tue Apr 17 2001 - 02:06:08 NZST
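
Added example, not part of the original post or of any replier's
configuration: an xinetd service entry for the first suggestion, binding
telnet to a single interface address so that no listener exists on the box's
other interfaces. The address 192.0.2.10, the 192.0.2.0/24 client range, the
id value and the telnetd path are assumptions.

```conf
# /etc/xinetd.conf fragment (constructed example; addresses and paths are
# assumptions, adjust them to the host)
defaults
{
        log_on_success  = HOST PID
        log_on_failure  = HOST
}

# telnet is offered only on the interface that owns 192.0.2.10.
# xinetd opens the listening socket on that address alone, so a
# connection to port 23 on any other local address finds no listener.
service telnet
{
        id              = telnet-internal
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        # assumed location of the telnet daemon
        server          = /usr/sbin/telnetd
        # assumed address of the one interface that should accept telnet
        bind            = 192.0.2.10
        # assumed range of clients allowed to connect on that interface
        only_from       = 192.0.2.0/24
}
```

The telnet line in /etc/inetd.conf has to be commented out as well, otherwise
inetd keeps listening for telnet on every local address.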
