NFS Services Administrator's Guide (B.11.31.02) January 2008

Restricting Access to RPC-based Services
To restrict access to RPC-based services, create an entry with the following syntax in the
/var/adm/inetd.sec file for each service to which you want to restrict access:
service {allow | deny} host_or_network [host_or_network...]
If the /var/adm/inetd.sec file does not exist, you may have to create it.
The service must match one of the service names in the /etc/rpc file.
Specify either allow or deny, but not both. Enter only one entry per service.
The host_or_network can be an official host name, a network name, or an IP address.
Any of the four numbers in an IP address can be specified as a range (for example, 1-28) or as a
wildcard character (*).
The inetd.sec file is checked only when the service starts. If a service remains active and
accepts more requests without being restarted, the inetd.sec file is not checked again.
You can use HP SMH to modify the /var/adm/inetd.sec file.
For more information, see inetd.conf (4) and inetd.sec (4).
Examples from /var/adm/inetd.sec
In the following example, only hosts on subnets 15.13.2.0 through 15.13.12.0 are allowed to use
the spray command:
sprayd allow 15.13.2-12.0
In the following example, the host cauliflower is prevented from using the rwall command:
rwalld deny cauliflower
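The following check is an added example, not part of the HP guide or HP-UX: it lints inetd.sec text against the rules stated above (service name listed in /etc/rpc, one entry per service, allow or deny but not both, each address number a value, a range, or *). The function names are hypothetical, and it assumes that # starts a comment, that addresses with fewer than four numbers are acceptable, and that host and network names are not resolved.

```python
import re
COMPONENT = re.compile(r"\*|\d{1,3}(-\d{1,3})?")

def rpc_names(rpc_text):
    """Service names: first field of each non-comment line of /etc/rpc."""
    rows = (l.split("#", 1)[0].split() for l in rpc_text.splitlines())
    return {r[0] for r in rows if r}

def bad_address(field):
    """Reason a numeric address pattern is malformed, or None if it is fine."""
    parts = field.split(".")
    if len(parts) > 4:
        return "more than four numbers"
    for part in parts:
        if not COMPONENT.fullmatch(part):
            return f"bad component {part!r}"
        nums = [int(n) for n in part.split("-")] if part != "*" else [0]
        if max(nums) > 255 or nums != sorted(nums):
            return f"component {part!r} out of range or reversed"

def lint(sec_text, services):
    """Return (line_number, message) findings for inetd.sec text."""
    findings, seen = [], {}
    for no, line in enumerate(sec_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # assumes '#' starts a comment
        if not fields:
            continue
        svc, rest = fields[0], fields[1:]
        if svc not in services:
            findings.append((no, f"{svc}: not a service name in /etc/rpc"))
        if svc in seen:
            findings.append((no, f"{svc}: second entry, first is on line {seen[svc]}"))
        seen.setdefault(svc, no)
        if len(rest) < 2 or rest[0] not in ("allow", "deny"):
            findings.append((no, f"{svc}: expected allow or deny, then hosts"))
            continue
        for field in rest[1:]:
            if field in ("allow", "deny"):
                findings.append((no, f"{svc}: allow and deny in one entry"))
            elif re.fullmatch(r"[\d.*-]+", field) and (why := bad_address(field)):
                findings.append((no, f"{svc}: {field}: {why}"))
    return findings

# Constructed sample data, not taken from a real system.
RPC = "sprayd 100012 spray\nrwalld 100008 rwall shutdown\n"
SEC = ("sprayd allow 15.13.2-12.0\nrwalld deny cauliflower\n"
       "sprayd deny 15.13.12-2.*\nrstatd allow 15.13.300.1\n")
if __name__ == "__main__":
    print(*lint(SEC, rpc_names(RPC)), sep="\n")
```

Because inetd.sec is read only when a service starts, a lint pass like this is most useful before the file is saved and the affected services are restarted.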