
Restrict network access per service based on IP address (OS X Server)
You can restrict access to a network service on a per-IP basis by configuring launchd to use TCP wrappers. First, install tcp_wrappers using Fink or DarwinPorts; see the tcp_wrappers page at DarwinPorts for more info.

Then set Program to /usr/libexec/tcpd in the plist for the daemon you want to wrap. You might also need to adjust ProgramArguments. Note that TCP wrappers only works for inetd-compatible jobs whose "Wait" setting is set to false.

[robg adds: I haven't tested this one...]
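An added example, not part of the original hint or of any Apple tooling: a small Python check that a launchd job plist meets the conditions the hint describes before you rely on tcpd for access control. The sample plist, its label and the ftpd arguments are constructed for illustration, and the check assumes tcpd finds the real daemon from ProgramArguments[0].

```python
import plistlib

# Constructed sample: a launchd job for ftpd wrapped with tcpd. The label,
# daemon name and arguments are illustrative assumptions, not from the hint.
WRAPPED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>example.ftpd</string>
  <key>Program</key><string>/usr/libexec/tcpd</string>
  <key>ProgramArguments</key>
  <array><string>ftpd</string><string>-l</string></array>
  <key>inetdCompatibility</key><dict><key>Wait</key><false/></dict>
  <key>Sockets</key><dict><key>Listeners</key>
    <dict><key>SockServiceName</key><string>ftp</string></dict></dict>
</dict></plist>"""

TCPD = "/usr/libexec/tcpd"

def audit(plist_bytes):
    """Return a list of problems that stop tcpd from wrapping this job."""
    job = plistlib.loads(plist_bytes)
    problems = []
    args = job.get("ProgramArguments", [])
    # launchd runs Program if present, otherwise ProgramArguments[0].
    program = job.get("Program") or (args[0] if args else None)
    if program != TCPD:
        problems.append("Program is %r, not %s" % (program, TCPD))
    # tcpd only works for inetd-compatible jobs with Wait set to false.
    inetd = job.get("inetdCompatibility")
    if inetd is None:
        problems.append("not an inetd-compatible job")
    elif inetd.get("Wait") is not False:
        problems.append("inetdCompatibility Wait must be false")
    # argv[0] is what tcpd uses as the daemon name, so it must not be tcpd.
    if not args or args[0] == TCPD:
        problems.append("ProgramArguments[0] must name the wrapped daemon")
    return problems

if __name__ == "__main__":
    print(audit(WRAPPED) or "job is wrapped by tcpd")
```

The per-IP rules themselves go in /etc/hosts.allow and /etc/hosts.deny, keyed on the daemon name that tcpd sees as argv[0].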

Restrict network access per service based on IP address
Authored by: stevev on Aug 29, '05 03:06:03PM

Using darwinports, the build fails as tcp_wrappers is not aware of 10.4 darwin. The variants are only sunos and suncc too, so I was unable to build "out of the box" from darwinports.

Is there something obvious I'm missing?



Restrict network access per service based on IP address
Authored by: ducasi on Aug 29, '05 04:14:25PM

tcp wrappers is a standard part of Mac OS and doesn't need to be installed from fink or darwin ports.



Restrict network access per service based on IP address
Authored by: stephendv on Aug 29, '05 05:59:54PM

If you're using Tiger there's no need to install TCP wrappers since they're installed. For more information on configuring tcpd with launchd see the following security hardening guide for Tiger:
http://www.packetstormsecurity.org/mac-osx/050819-securing-mac-os-x-tiger.pdf



TCP wrappers
Authored by: sjk on Aug 30, '05 01:08:19AM

TCP wrappers (tcpd) is standard on Panther, too. Not sure about Jaguar.


