On 2013-07-23 16:00, Carl Brewer wrote:
I haven't had any luck googling for this, except for using IPF. Is it possible to bind OI (151a8) CIFS to one interface - I have a server which sits on an Internet link and my LAN with two ethernet interfaces and I only want CIFS to listen on the LAN interface. Possible? (I know I can block it with IPF, but that's not the best way, IMO). Best way to do it?
Well, in general security, it is best to know what you permit. Allow certain protocols on certain interfaces, and block the rest by default (you can allow all from LAN ;) in this model, too). If your server is also doing NAT for LAN systems to go to internet, permissive rules for returning packets are added by IPF dynamically for the duration of the NAT session. _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
