1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-18 10:35:55 +00:00
Commit Graph

24 Commits

Author SHA1 Message Date
Alexander Motin
ea9ed3d85b Disable libwrap (TCP wrappers) support in rpcbind by default, introducing
new command line options -W, to enable it when needed.

On my tests this change by almost ten times improves rpcbind performance.

No objections:	many, net@
2014-03-06 17:33:27 +00:00
Ruslan Ermilov
98374c9c79 Comment out lines that use example addresses and example.com names so
that local changes can be made more easily (without having to comment
these lines, and making the diff more readable).
2006-08-29 09:20:48 +00:00
Christian S.J. Peron
0f7163d304 Since NIS is an RPC based service, add a note that when adjusting access
controls in NIS, similar access controls should be considered for the
rpcbind as well.
2006-06-01 14:14:58 +00:00
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
Hajimu UMEMOTO
9512e32664 The libwrap built with NO_INET6=yes cannot parse an IPv6 address.
So, mention it in comment.

Submitted by:	Dmitry Morozovsky <marck__at__rinet.ru>
MFC after:	2 days
2006-02-16 14:46:03 +00:00
Hajimu UMEMOTO
bd872c1ccb Use RFC 3849 address for examples.
Pointed out by:	mistral@imasy.or.jp
MFC after:	1 week
2004-08-03 08:58:34 +00:00
Hajimu UMEMOTO
f6c223ace3 allow ::1 explicitly.
Pointed out by:	mistral@imasy.or.jp
MFC after:	1 week
2004-08-03 08:47:35 +00:00
Jens Schweikhardt
d8beb0fd3b Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
Mark Murray
adb79039fd Enable TCP_WRAPPERs for the NIS server. The protection afforded is
not massive, but usable.
2002-02-06 20:39:36 +00:00
David Malone
1139160ec0 Clear up what the line "ALL : PARANOID : RFC931 20 : deny" means
to tcp wrappers. The description is a little long, but hopefully
accurate.
2001-08-18 14:22:52 +00:00
Brian Somers
7f17ea13a3 Fix a misleading comment
Submitted by:	Mark Knight <markk@knigma.org>
2001-05-02 09:29:20 +00:00
Alexander Langer
4e64bc892d "Portmapper" -> "Rpcbind" in a comment. 2001-04-26 13:43:02 +00:00
Alfred Perlstein
527464e999 s/portmap/rpcbind
Pointed out by: Hajimu UMEMOTO <ume@mahoroba.org>
2001-03-20 21:02:39 +00:00
Hajimu UMEMOTO
be8302343e Add some examples for IPv6 addresses.
PR:		conf/18614
Submitted by:	James Housley <jim@thehousleys.net>
2000-07-19 13:05:58 +00:00
Sheldon Hearn
8172e29086 Add IP addresses to the rules required to "Allow anything from
localhost", since portmap(8) is included in "anything".

Submitted by:	Doug Barton <Doug@gorean.org>
2000-05-05 08:31:59 +00:00
Chris Timmons
99d2860f1b Clarify the disposition of hosts.deny and provide a logically
consistent portmap example rule.
Reviewed by: obrien, markm
Obtained-good-ideas from: obrien
2000-03-28 17:28:56 +00:00
Jordan K. Hubbard
b1be9320f3 The default rule in this file actually sent mail to root as its default
action when denying access to a service.  Unfortunately, this also makes
a dandy denial-of-service attack possible.  Change to just log the event
and shoot a "go away" response back down the socket.
2000-02-17 04:52:23 +00:00
David E. O'Brien
e54b3aebe0 Fix English. Also use full spelling and reorg a little while I'm here.
Submitted by:	Andy Farkas <andyf@speednet.com.au>
2000-01-25 11:25:59 +00:00
David E. O'Brien
dfe43144ff MFS: note that only IP addresses work when wrapping the portmapper.
Make clearer we consider this only an example, and admins should really
write this file for their needs.
1999-11-25 03:00:44 +00:00
Peter Wemm
9b7a44a60e $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
Sheldon Hearn
87178415f4 Add a sample entry for Exim, in preparation for the upcoming behaviour
change in the port, where TCP Wrapper support will become the default.

Requested by:	markm
1999-08-03 14:52:46 +00:00
David E. O'Brien
1924a94a7c Use /usr/bin/finger rather than `safe_finger'. 1999-05-08 02:19:25 +00:00
Mark Murray
6a5f5da709 Use more politically correct examples, and expand the examples a bit. 1999-04-08 19:08:53 +00:00
Mark Murray
f8b0e8c9ff Add an example hosts.allow for the (base system) tcp_wrappers.
Anyone with good ideas for this is welcome to contribute.
1999-03-28 10:47:26 +00:00