On Wed, Feb 07, 2001 at 08:03:37AM -0500, Michael Stone wrote: > On Wed, Feb 07, 2001 at 04:00:25AM -0900, Ethan Benson wrote: > > statd has tcpwrappers support as of 0.2 or so. (the version in > > unstable does, potato's does not) > > Shows how often I use nfs these days. :) I assume you're still screwed > with lockd? And does this require another *specific* line in > hosts.allow/deny? yup your screwed with lockd, i don't see much of a way around that since it appears to be a kernel thread and not a userland daemon (at least on all my systems it seems that way..) i got bit by statd suddenly supporting tcpwrappers since i have the fascist ALL: ALL in my hosts.deny. the line you need is: statd: 192.168.0.1 for example. its documented in the statd man page. i still am not convinced that it really works though, if i telnet to the statd tcp port (found via rpcinfo -p localhost) from a machine NOT listed in hosts.allow i don't get disconnected immediatly... not very scientific but then i don't really care too much since i don't have this open to the outside world. (any suggestions for a real test?) -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpn12KnP18Ax.pgp
Description: PGP signature