[Nut-upsuser] RFC: Use tcp-wrapper for all connections to upsd
Joerg Pulz
Joerg.Pulz at frm2.tum.de
Thu Feb 26 11:20:01 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
after some experimenting and digging through the code i found no solution
how to completely disable access to upsd from specific hosts.
In previous versions (before r1233) it was possible to allow or deny
access to upsd completely by using ACL, ACCEPT and REJECT entries in
upsd.conf. As this functionality was removed and tcp-wrappers support was
introduced i thought it would be possible to use some rules in hosts.allow
to get the same functionality as before. Unfortunately, thats not the
case.
Only authenticated commands like SET or INSTCMD are protected by
tcp-wrappers, all other commands like GET or LIST can be used from
everywhere by everyone which is IMO a regression.
For me, the right solution would be to protect all incoming connections by
tcp-wrappers.
What do others think about this?
Kind regards
Joerg
- --
The beginning is the most important part of the work.
-Plato
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
iD8DBQFJpnrkSPOsGF+KA+MRAl5qAJ4giiMOPNrSjAnI3p7Fa0NHSLCSbQCgjJBr
kTpLEuSEJJAKdLutFMZxmFE=
=DBDA
-----END PGP SIGNATURE-----
More information about the Nut-upsuser
mailing list