Also, it should be possible to use IPsec, and require all communication between the backup server and the client to be in ESP. This should ensure that only packets in ESP, and hence authenticated, are presented to the IP stack, making the IP-based ACL reliable.
A wrinkle is that amanda uses hard-to-predict ports, but the same option that constrains those for firewalling should help for this. Of course, if you have a restricted SPD, then you also have to ensure that amanda drops packets not from the expected port range, and since this wasn't written as a security feature I wouldn't count on that.

-- Greg Troxel <[EMAIL PROTECTED]>