Re: tcpwrapped rpcbind/portmap?

From: Doug Hughes (doug@Eng.Auburn.EDU)
Date: 08/21/01

Date: Tue, 21 Aug 2001 16:58:54 -0500 (CDT)
From: Doug Hughes <doug@Eng.Auburn.EDU>
To: Reg Quinton <>
Subject: Re: tcpwrapped rpcbind/portmap?
Message-ID: <>

On Tue, 21 Aug 2001, Reg Quinton wrote:

> > Absolutely. The lack of ACL enforcement within the stock Solaris
> > rpcbind make its use problematic in a security-sensitive environment.
> I'd guess you're better off to have the filtering done at a lower level
> in the IP stack and not require that each service implement it's own
> filtering.
> Are there no tools for Solaris to do that -- filter at a lower level in
> the IP stack. Would SunScreen Lite do it?
> The Seattle folks offer tools for their systems, surely we have something
> for Solaris.

ipsec works by pushing modules into the IP stack in Sol8. It's kind
of cool actually.