|
Home > Archive > Unix administration > May 2005 > Blocking IP services using Solaris, Sun cluster commands
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Blocking IP services using Solaris, Sun cluster commands
|
|
| qazmlp1209@rediffmail.com 2005-05-31, 2:48 am |
| Our application runs on 2-node Sun cluster and it provides an IP
service to the Clients. This IP service is available at cluster IP
address:<ip_address> via port:<port>. We want to block this service for
clients at certain times, due to various reasons. How exactly this can
be done? I can understand that, we can use 'IP filtering' to do this. I
would like to know whether this can be done using Solaris, Sun Cluster
commands itself.
| |
| Walter Roberson 2005-05-31, 2:48 am |
| In article <1117511193.803978.11840@g14g2000cwa.googlegroups.com>,
<qazmlp1209@rediffmail.com> wrote:
:Our application runs on 2-node Sun cluster and it provides an IP
:service to the Clients. This IP service is available at cluster IP
:address:<ip_address> via port:<port>. We want to block this service for
:clients at certain times, due to various reasons. How exactly this can
:be done? I can understand that, we can use 'IP filtering' to do this. I
:would like to know whether this can be done using Solaris, Sun Cluster
:commands itself.
It's been years since I used Solaris, so I cannot give you the
most modern of answers. The traditional answer would be to use
Weitse's "tcp wrappers" if the idea is to be selective about who
you will accept. If you want to turn off the service to clients
entirely during those time ranges, you could have a cron tab entry
stopped the service or which commented it in/out of inetd.conf
--
Any sufficiently old bug becomes a feature.
| |
| Vernon Schryver 2005-05-31, 6:03 pm |
| In article <d7gnr1$5po$1@canopus.cc.umanitoba.ca>,
Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
>:Our application runs on 2-node Sun cluster and it provides an IP
>:service to the Clients. This IP service is available at cluster IP
>:address:<ip_address> via port:<port>. We want to block this service for
>:clients at certain times, due to various reasons. How exactly this can
>:be done? I can understand that, we can use 'IP filtering' to do this. I
>:would like to know whether this can be done using Solaris, Sun Cluster
>:commands itself.
>
>It's been years since I used Solaris, so I cannot give you the
>most modern of answers. The traditional answer would be to use
>Weitse's "tcp wrappers" if the idea is to be selective about who
>you will accept.
I'd say that's the traditional answer of those who don't care about
performance, do not really care about security, and do not control
their own applications. Better answers start with looking at the
application's authentication and authorization controls, including
modifying the application to have some if necessary.
Vernon Schryver vjs@rhyolite.com
|
|
|
|
|