Tcpwrappers hearkens back to a time before firewalls. But why is your second option not optimal? clamd.conf is where you should tell clamd where to provide its service. Likewise, the OS firewall is the place where you should tell your OS who can access your services. For example, if you're running RHEL, then it has an input default deny firewall and you'd only have to add one line in /etc/sysconfig/iptables for each IP you wanted to grant access from, like so:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.0.0.xxx --dport 3310 -j ACCEPT

You could also grant a block of addresses on one line using the address/mask notation. See the iptables man page for details.

Ron

On 6/10/07, snowcrash <[EMAIL PROTECTED]> wrote:
>
> i've clamd running on a standalone box on my private LAN, listening on
> a TCP socket; in clamd.conf i have,
>
> TCPAddr 10.0.0.105
> TCPSocket 3310
>
> i'm submitting messages TO it via exim's exiscan/content-scanning.
>
> works great.
>
> i'd like to LIMIT which IPs can *access* clamd on that box.
>
>
> iiuc, there are three options:
>
> (1) tcpwrappers. but, afaict tcpwrappers support is limited to
> clamav-milter. at least, config-ing hosts.allow/hosts.deny seems to
> make no difference ...
>
> (2) control via firewall access. do-able, but not optimal ...
>
> (3) some config setting in clamd.conf.
>
> spamd, e.g., allows me to configure BOTH the 'listening' ips AND
> 'allowed' ips, where the latter define which ips can access/submit_to
> the running daemon.
>
> is there anything like that in/for clamd's config?
>
> thanks.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
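
Added example, not part of the original thread: a Python check that reads rules in the /etc/sysconfig/iptables format and returns the first-match target for a new TCP connection to clamd's port 3310 from a given source address. The rule set, the client addresses 10.0.0.20 and 10.0.1.0/24, the interface name eth0 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed rule set in /etc/sysconfig/iptables format (not from the thread).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.0.0.20 --dport 3310 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.0.1.0/24 --dport 3310 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def _opt(tokens, *names):
    """Return the value that follows the first of `names` present, else None."""
    for name in names:
        if name in tokens:
            return tokens[tokens.index(name) + 1]
    return None

def verdict(rules_text, src_ip, port=3310, iface="eth0",
            chain="RH-Firewall-1-INPUT"):
    """First-match target for a NEW TCP connection from src_ip to port."""
    src = ipaddress.ip_address(src_ip)
    for line in rules_text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["-A", chain]:
            continue
        if "!" in tokens:  # negated matches are outside this example
            raise ValueError("negated match not handled: " + line)
        if _opt(tokens, "-i", "--in-interface") not in (None, iface):
            continue  # rule is bound to another interface, e.g. lo
        state = _opt(tokens, "--state")
        if state and "NEW" not in state.split(","):
            continue  # ESTABLISHED/RELATED rules do not admit new clients
        if _opt(tokens, "-p", "--protocol") not in (None, "tcp", "all"):
            continue
        dport = _opt(tokens, "--dport", "--destination-port")
        if dport is not None:
            low, _, high = dport.partition(":")  # single port or low:high
            if not int(low) <= port <= int(high or low):
                continue
        net = _opt(tokens, "-s", "--source") or "0.0.0.0/0"
        if src in ipaddress.ip_network(net, strict=False):
            return _opt(tokens, "-j", "--jump")  # first matching rule wins
    return None  # no rule matched; the chain returns to its caller
```

Running verdict() over the live rules file for each host that should and should not reach clamd confirms the allowlist before relying on it.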