I should probably clarify my earlier post. Tcp-wrappers are
part of the kernel in Solaris 9 only, so my recipe won't work
with 8 or earlier. The wrappers don't control all inetd
processes, so you still have to comment out
#100232/10 tli rpc/udp wait root /usr/sbin/sadmind
in /etc/inetd.conf. As Rich pointed out, its probably
safer to kill all inetd processes (pkill inetd) and just
use ssh and sftp. You'll have to restart inetd when you
reboot the console to start tftp (/etc/rc2.d/S72inetsvc start)
You may have to look in /etc/rc2.d for the right number.
As Ranier suggested, an inexpensive NAT firewall can prevent
a lot of problems. More expensive/complex solutions give you
a larger feature set and more flexibility to selectively
allow outside computers access. We're just starting the
process and are considering:
Linksys BEFSX41 4-port router with firewall $65
DLink DFL80 4-port ethernet VPN firewal $177
Linksys (Cisco) RV082 8-port VPN router $258
Cisco PIX 501 $373
If you've got an extra pentinum looking for something to do,
there is an open source "Smoothwall" (www.smoothwall.org).
Rich says that its easy to install.
I *think* that a firewall to the world plus sofware firewalls
on all the computers will make life on the net more bearable.
Haven't been able to compile iptables under solaris 9 running
32 bit mode with an open source compiler, but someday in my
spare time ,,,,
hth,
dave scott
iowa state university
A user and his leisure time are soon parted.
Received on Thu Apr 15 2004 - 08:48:18 MST