'Lo all-

I have 2 questions.  The first has to do with Xinetd configuration.  What I
wanted to do is specify that the default policy is to Deny for any services
on any address, so I set up no_access=0.0.0.0/0 in defaults.  Then I want to
allow per-service, so I put in only_from=0.0.0.0/0 in my wu-ftp
configuration.  Unfortunately, this makes xinetd complain because the two
lists are the same.  Apparently, xinetd figures out access based on
comparing the IP address in question to both the only_from and no_access
lists.  If an IP address is in both lists, it uses whichever one is a
smaller set (i.e., if you have no_access=0.0.0.0/0 and
only_from=192.168.0.0/16, and a 192.168.3.2 packet comes in it will be
allowed, but anything outside of 192.168 will be denied).  However, if the
lists are the same, it drops the connection as well.

So, my question:  is there some way to do what I want; to specify the
default policy for xinetd services is deny, and then allow on a
service-by-service basis?  Or must I put nothing about access in the
defaults definition, and then specify allows and denys in every service
definition?  Anyone had a similar issue and figured out a good solution?

My second (much shorter) question: has anyone had good luck with a gigabit
Ethernet driver on a 2.4 kernel?  We're looking into setting up a better
firewall on our network, and considering two possibilities: 1 firewall
running Linux with Gig Ethernet per subnet (cheap, better bandwidth, but
more admin overhead) OR setting up one firewall for the whole shebang, and
investing in something like the Firebox or Checkpoint's Nokia appliance.
So, any Gig NIC suggestions?

Thanks!

Brian


_______________________________________________
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk
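An added example, not part of Brian's message and not xinetd's own code: a small Python model of the only_from / no_access decision he describes (the address is compared against both lists, the more specific match wins, and an equal-specificity match in both lists is denied), plus a sketch of how a defaults section combines with a per-service section. The DEFAULTS / SERVICES tables, the `xinetd_access`, `effective_attr` and `decide` names, and the treatment of a plain service assignment as replacing the default while an `only_from+=` entry extends it (my reading of the `+=` operator in xinetd.conf) are all assumptions made for the illustration; the model reproduces the behaviour reported in the post rather than asserting what any particular xinetd release does.

```python
import ipaddress

# Constructed model (not xinetd source) of the access rule described in the
# post: an address is matched against both lists, the longer prefix wins,
# and an equal-length match in both lists denies the connection.


def _best_match(addr, networks):
    """Prefix length of the most specific network containing addr, or None."""
    best = None
    for net in networks:
        if addr in net and (best is None or net.prefixlen > best):
            best = net.prefixlen
    return best


def xinetd_access(address, only_from=None, no_access=None):
    """Return True if the address is accepted.

    only_from / no_access are lists of CIDR strings, or None when the
    attribute is not set for the service at all.
    """
    addr = ipaddress.ip_address(address)
    allow = [ipaddress.ip_network(n) for n in (only_from or [])]
    deny = [ipaddress.ip_network(n) for n in (no_access or [])]
    a = _best_match(addr, allow)
    d = _best_match(addr, deny)
    if only_from is not None and a is None:
        return False          # only_from is set and does not cover us
    if d is None:
        return True           # no deny entry applies
    if a is None:
        return False          # denied, nothing allows us
    return a > d              # more specific list wins; a tie denies


def effective_attr(name, defaults, service):
    """Value of a list attribute for one service (assumed semantics):
    a plain assignment in the service replaces the default value,
    an entry keyed name + '+=' extends whatever is inherited."""
    if name in service:
        return list(service[name])
    value = list(defaults[name]) if name in defaults else None
    extra = service.get(name + "+=")
    if extra:
        value = (value or []) + list(extra)
    return value


# Constructed configuration mirroring the post: deny everything by default,
# then open services one by one.
DEFAULTS = {"no_access": ["0.0.0.0/0"]}
SERVICES = {
    "ftp": {"only_from": ["192.168.0.0/16"]},   # LAN only: /16 beats /0
    "telnet": {"only_from": ["0.0.0.0/0"]},     # the failing case: /0 vs /0
    "finger": {},                               # inherits the default deny
}


def decide(service, address):
    svc = SERVICES[service]
    return xinetd_access(address,
                         effective_attr("only_from", DEFAULTS, svc),
                         effective_attr("no_access", DEFAULTS, svc))


if __name__ == "__main__":
    for svc, addr in [("ftp", "192.168.3.2"), ("ftp", "10.1.2.3"),
                      ("telnet", "192.168.3.2"), ("finger", "192.168.3.2")]:
        print(f"{svc:7s} {addr:12s} -> {'allow' if decide(svc, addr) else 'deny'}")
```

Running it reproduces the symptom in the post: ftp from 192.168.3.2 is allowed because the /16 is narrower than the default /0, ftp from 10.1.2.3 is refused, and the telnet entry that tries to re-open 0.0.0.0/0 against a 0.0.0.0/0 default is still denied because the two matches are equally specific.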