Restrict network access per service based on IP address

Aug 29, '05 07:55:00AM

Contributed by: Anonymous

You can restrict access to a network service on a per-IP basis by configuring launchd to use TCP wrappers. First, install tcp_wrappers using Fink or DarwinPorts; see the tcp_wrappers page at DarwinPorts for more info.

Then, in the launchd plist for the daemon you want to wrap, set Program to /usr/libexec/tcpd. You might also need to adjust ProgramArguments. Note that TCP wrappers work only for inetd-compatible jobs whose "Wait" setting is false.

[robg adds: I haven't tested this one...]
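
An added example, not part of the original hint and not tested by its contributor: a launchd plist wrapped as described above. The label, the daemon path /usr/local/sbin/exampled, the port and the address range are placeholders, and the hosts.allow/hosts.deny rules in the comment assume the standard TCP wrappers rule format.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Added example. Placeholders (not from the hint): the label, the daemon
  path /usr/local/sbin/exampled, port 10079 and the 192.0.2.0/24 range.

  Matching access rules, in the hosts.allow / hosts.deny files read by
  your tcpd build (conventionally under /etc):

    hosts.allow:   exampled: 192.0.2.0/255.255.255.0
    hosts.deny:    exampled: ALL

  tcpd matches rules on the last path component of argv[0] ("exampled").
-->
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.exampled</string>
    <!-- launchd executes the wrapper instead of the daemon itself -->
    <key>Program</key>
    <string>/usr/libexec/tcpd</string>
    <!-- argv[0] is the absolute path of the real daemon; tcpd execs it
         once the client address passes the access check -->
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/sbin/exampled</string>
    </array>
    <!-- TCP wrappers require an inetd-style job with Wait set to false -->
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockServiceName</key>
            <string>10079</string>
        </dict>
    </dict>
</dict>
</plist>
```

With the deny rule in place, connections from outside the allowed range are dropped by tcpd before the real daemon is ever started.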


Mac OS X Hints
http://hints.macworld.com/article.php?story=20050822231312599