Vision 99 <[EMAIL PROTECTED]> writes:

...

> 
> Thanks for the tips Brady, I appreciate it - Maybe your setup is using the
> aclfile, and you could tell me what your permit statements look like... That
> 'lsof -i tcp:' was new to me - Thanks! One for the notebook...
> Now here's a question about the program itself - Couldn't the blockfile data
> just be placed inside the hosts.deny file? Eliminating the need for the
> program taking up 2.8% of my memory! I wonder if hosts.deny would relate to
> what the browser receives....?
> 
> Take care,
> Mike

I don't use the aclfile option. I'd totally forgotten about it. Instead, I use
the kernel's IP filtering, and it has a rule to only accept TCP packets to
port 8000 from my private network. 

Read the ipchains documentation for that (on redhat 6.2, it's in
/usr/doc/ipchains-1.3.9). In there it claims that you can read it at
http://www.rustcorp.com/linux/ipchains as well.

Works well and gives you some peace of mind when it's done, but it is a
project to set aside some time for.

As for hosts.deny, that's a separate thing. I don't know if you can run
junkbusters from inetd. Junkbusters will only be using that 2.8% of your ram
when it's active, in which case it doesn't matter who started it. When there's
no clients using it, all of that ram will be reclaimed if needed when
junkbusters is swapped to disk.

For those that don't know, hosts.deny is used by tcpd (the tcp wrapper
daemon), which in turn is used by inetd, which is the daemon which spawns off
various network things like the telnet daemon. Tcpd uses hosts.deny and
hosts.allow to decide whether or not that particular client is allowed to open
a network connection to a particular local service.

-- 
 Brady Montz
 [EMAIL PROTECTED]
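
The lookup order tcpd applies to hosts.allow and hosts.deny, as an added example that is not part of the original message. It is a simplified model (only ALL, address prefixes and domain suffixes are handled), and the rules, daemon names and addresses are constructed samples.

```python
# Simplified model of the tcpd (TCP wrappers) access decision.
# The rule files below are constructed samples, not taken from the thread.
HOSTS_ALLOW = """\
# daemon_list : client_list
in.telnetd : 192.168.1. .example.lan
"""
HOSTS_DENY = """\
ALL : ALL
"""

def parse_rules(text):
    """Return (daemon_patterns, client_patterns) pairs, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = [part.strip() for part in line.split(":", 2)[:2]]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def pattern_matches(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):       # address prefix, e.g. "192.168.1."
        return value.startswith(pattern)
    if pattern.startswith("."):     # domain suffix, e.g. ".example.lan"
        return value.endswith(pattern)
    return pattern == value

def client_matches(patterns, addr, name):
    """A client matches on its address or, when known, its host name."""
    return any(pattern_matches(p, addr) or bool(name and pattern_matches(p, name))
               for p in patterns)

def tcpd_allows(daemon, addr, name=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match in either grants access."""
    for verdict, text in ((True, allow), (False, deny)):
        for daemons, clients in parse_rules(text):
            if (any(pattern_matches(d, daemon) for d in daemons)
                    and client_matches(clients, addr, name)):
                return verdict
    return True

if __name__ == "__main__":
    for daemon, addr in (("in.telnetd", "192.168.1.20"), ("in.telnetd", "203.0.113.9")):
        print(daemon, addr, "allowed" if tcpd_allows(daemon, addr) else "denied")
```

A daemon that is neither started through tcpd nor linked against the wrapper library never consults these files.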

