Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Restrict network access per service based on IP address OS X Server
Aug 29, '05 07:55:00AM • Contributed by: Anonymous
You can restrict access to a network service on a per-IP basis by configuring launchd to use TCP wrappers. First, install tcp_wrappers using Fink or DarwinPorts; see the tcp_wrappers page at DarwinPorts for more info.

Then set Program to /usr/libexec/tcpd in the plist for the daemon you want to wrap. You might also need to adjust ProgramArguments. Note that TCP wrappers only works for inetd-compatible jobs whose "Wait" setting is set to false.

[robg adds: I haven't tested this one...]
    •    
  • Currently 2.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (7 votes cast)  
[6,738 views]  

Hint Options


Restrict network access per service based on IP address | 4 comments | Create New Account
Click here to return to the 'Restrict network access per service based on IP address' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Restrict network access per service based on IP address
Authored by: stevev on Aug 29, '05 03:06:03PM

Using darwinports, the build fails as tcp_wrappers is not aware of 10.4 darwin. The variants are only sunos and suncc too, so I was unable to build "out of the box" from darwinports.

Is there something obvious I'm missing?



[ Reply to This | # ]
Restrict network access per service based on IP address
Authored by: ducasi on Aug 29, '05 04:14:25PM

tcp wrappers is a standard part of Mac OS and doesn't need to be installed from fink or darwin ports.



[ Reply to This | # ]
Restrict network access per service based on IP address
Authored by: stephendv on Aug 29, '05 05:59:54PM

If you're using Tiger there's no need to install TCP wrappers since they're installed. For more information on configuring tcpd with launchd see the following security hardening guide for Tiger:
http://www.packetstormsecurity.org/mac-osx/050819-securing-mac-os-x-tiger.pdf



[ Reply to This | # ]
TCP wrappers
Authored by: sjk on Aug 30, '05 01:08:19AM

TCP wrappers (tcpd) is standard on Panther, too. Not sure about Jaguar.



[ Reply to This | # ]




Search

Advanced

From our Sponsor...

Latest Lion Hints

Click here for complete coverage of Lion on Macworld.

User Functions





Don't have an account yet? Sign up as a New User
Lost your password?

What's New:

Hints

1 new Hints in the last 24 hours

Comments last 2 days


Links last 2 weeks

No recent new links

What's New in the Forums?

Hints by Topic

 

News from Macworld

From Our Sponsors
Copyright © 2013 IDG Consumer & SMB (Privacy PolicyContact Us
All trademarks and copyrights on this page are owned by their respective owners.

Visit other IDG sites:


Powered by Geeklog Created this page in 0.18 seconds