What has surfaced with this kind of feedback is the lack of documentation of this change.
We should complete the user manual in that direction, § 5.2.3. "Data server configuration (upsd)" and § 7. "Securisation notes", highlighting the removal of ACL and describing the TCP Wrapper + firewall switch.

@Arjen: if you have some content in mind, don't hesitate to send it to me. I have something planned but have not yet reached that point.

Arnaud

2009/11/23 Arjen de Korte <[email protected]>:
> Quoting Eric Wilde <[email protected]>:
>
>> When I use LISTEN, I see an error message about upsd not listening on
>> port 3493. For example:
>>
>> LISTEN 192.168.1.1 3493
>>
>> gives
>>
>> not listening on 192.168.1.1 port 3493
>
> Most likely, the port is already in use. What does 'netstat' say here?
>
>> Any attempts to monitor this system's UPS from the Web UI are then met
>> with:
>>
>> error: Connection failure: Connection refused
>>
>> Did anybody think this through before breaking it?
>
> Sure. And if you would have read the archives, you would also know why we
> did.
>
>> Apart from the fact
>> that LISTEN seems to be broken, how is one supposed to accept connections
>> from part of a network (e.g. 192.168.1.1/24) or reject connections from
>> a specific machine or range of machines?
>
> Use a firewall and read the chapter on ACCESS CONTROL in 'man 8 upsd'.
> Together they will give you the same level of granularity.
>
>> LISTEN doesn't come even close
>> to the flexibility of ACL/ACCEPT.
>
> There is nothing you can do with the previous ACL/ACCEPT mechanism that
> can't be done through LISTEN, tcp-wrappers and a firewall. And instead of
> giving you a false sense of security of the previous mechanism, this will
> actually work against attacks on your upsd server.
>
> Best regards, Arjen
> --
> Please keep list traffic on the list
>
> _______________________________________________
> Nut-upsdev mailing list
> [email protected]
> http://lists.alioth.debian.org/mailman/listinfo/nut-upsdev
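
A bind probe for the "not listening" error discussed in this thread, as an added example that is not part of the original messages or of NUT. It assumes the message means upsd could not bind the LISTEN address, and it separates a port that is already in use (the cause suggested in the reply) from an address that is not configured on the host; `probe_listen` and its reason strings are hypothetical names.

```python
import errno
import socket

NUT_PORT = 3493  # port used in the LISTEN line quoted in the thread

# Map bind() errors to what they mean for a LISTEN directive.
REASONS = {
    errno.EADDRINUSE: "in_use",        # another process already holds addr:port
    errno.EADDRNOTAVAIL: "not_local",  # address is not configured on this host
    errno.EACCES: "denied",            # caller is not permitted to bind here
}


def probe_listen(addr, port=NUT_PORT):
    """Return 'free' if addr:port can be bound right now, else a reason string."""
    try:
        info = socket.getaddrinfo(
            addr, port, type=socket.SOCK_STREAM,
            flags=socket.AI_PASSIVE | socket.AI_NUMERICHOST,
        )[0]
    except socket.gaierror:
        return "bad_address"  # LISTEN argument is not a literal IP address
    family, socktype, proto, _, sockaddr = info
    with socket.socket(family, socktype, proto) as sock:
        # Typical server socket option, so lingering TIME_WAIT entries
        # are not reported as a conflict.
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            sock.bind(sockaddr)
        except OSError as exc:
            return REASONS.get(exc.errno, f"errno_{exc.errno}")
    return "free"


if __name__ == "__main__":
    # Run with upsd stopped; a running upsd would itself show up as "in_use".
    for addr in ("127.0.0.1", "192.168.1.1"):
        print(f"LISTEN {addr} {NUT_PORT}: {probe_listen(addr)}")
```

A result of `in_use` points at a conflicting listener to look up with netstat, while `not_local` means the LISTEN address does not exist on any interface of the machine.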
