diff options
author | markm <markm@FreeBSD.org> | 2002-02-06 20:39:36 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2002-02-06 20:39:36 +0000 |
commit | 5351d0d669aaf357b31d421e05f270a7651e1f8b (patch) | |
tree | efc7e3687dff5257969f07b17832d8790937105a | |
parent | 021d8e63a1879a46bf287d200af7cde8f8463a73 (diff) | |
download | FreeBSD-src-5351d0d669aaf357b31d421e05f270a7651e1f8b.zip FreeBSD-src-5351d0d669aaf357b31d421e05f270a7651e1f8b.tar.gz |
Enable TCP_WRAPPERs for the NIS server. The protection afforded is
not massive, but usable.
-rw-r--r-- | etc/hosts.allow | 6 | ||||
-rw-r--r-- | usr.sbin/ypserv/Makefile | 5 |
2 files changed, 10 insertions, 1 deletions
diff --git a/etc/hosts.allow b/etc/hosts.allow index f4e1353..e24f0c2 100644 --- a/etc/hosts.allow +++ b/etc/hosts.allow @@ -63,6 +63,12 @@ rpcbind : 192.0.2.32/255.255.255.224 : allow rpcbind : 192.0.2.96/255.255.255.224 : allow rpcbind : ALL : deny +# NIS master server. Only local nets should have access +ypserv : localhost : allow +ypserv : .unsafe.my.net.example.com : deny +ypserv : .my.net.example.com : allow +ypserv : ALL : deny + # Provide a small amount of protection for ftpd ftpd : localhost : allow ftpd : .nice.guy.example.com : allow diff --git a/usr.sbin/ypserv/Makefile b/usr.sbin/ypserv/Makefile index 214b995..30c3f3f 100644 --- a/usr.sbin/ypserv/Makefile +++ b/usr.sbin/ypserv/Makefile @@ -8,7 +8,10 @@ MAN= ypserv.8 ypinit.8 SRCS= yp_svc.c yp_server.c yp_dblookup.c yp_dnslookup.c \ ypxfr_clnt.c yp.h yp_main.c yp_error.c yp_access.c yp_svc_udp.c -CFLAGS+= -I. -DDB_CACHE +DPADD= ${LIBWRAP} +LDADD= -lwrap + +CFLAGS+= -I. -DDB_CACHE -DTCP_WRAPPER CLEANFILES= yp_svc.c ypxfr_clnt.c yp.h |