Thanks for all the helpful replies - too many to reply to individually. The
following suggestions were made, along with the frequency of the suggestion:

Get a real firewall: 5
Use TCPWrappers: 6
Use IPFilter: 4
Use xinetd: 3
Use other misc. sw: 4

I will explain a bit further. We do have a router set up as a firewall (ARN
Router) but our network guys are having trouble getting the filters
configured to deny access to all but a few ports. Doesn't seem like it
should be that hard, but then I am not familiar with the Nortel world.
With a Cisco router I believe it could be done in 5 minutes with a
relatively simple access list (flame-bait there? Maybe :-)). In any case,
I will be looking into TCPWrappers as a solution to the problem as it sounds
like it is a more or less universally accepted/trusted package even though
it is not part of Solaris. Any comments on whether TCPWrappers is reliable
and secure enough for a production environment?

Thanks again,


I'm having a problem that I have not been able to resolve by RTFM. We have
a production server that we have just installed a 2nd NIC card into. This
server is set up to NOT do any routing between the networks. There are no
connectivity problems apparent.

The problem is that we want to deny access to all but a few carefully
selected ports from the 2nd interface while allowing the normal assortment
of ports to be accessed from the original interface. Is this possible? And
if so, what needs to be configured to make this happen? I can't see any way
to do this in inetd.conf.

Thanks in advance,
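
Added example, not part of the original thread: one way TCP Wrappers can express the per-interface policy asked about above, using the daemon@address "server endpoint" patterns described in hosts_access(5). The addresses, subnet and choice of services are constructed for illustration, and each service is assumed to be started through tcpd from inetd.conf.

```conf
# ---- /etc/hosts.allow (checked first; the first matching rule grants access) ----
# Rule form: daemon@local_address : client_list
# The part after "@" is the server's own address that the client connected to,
# which is what separates the two interfaces on a multi-homed host.

# Original interface, 192.0.2.10 (constructed address): the normal services.
in.telnetd@192.0.2.10, in.ftpd@192.0.2.10, in.rlogind@192.0.2.10 : ALL

# Second interface, 198.51.100.10 (constructed address): FTP only, and only
# from clients on that interface's own subnet.
in.ftpd@198.51.100.10 : 198.51.100.0/255.255.255.0

# ---- /etc/hosts.deny (consulted only when nothing in hosts.allow matched) ----
# Default deny for every wrapped service on either interface.
ALL : ALL
```

These rules only cover services launched through tcpd or linked against libwrap; a standalone daemon listening on the second interface is untouched and needs a packet filter such as IPFilter. The tcpdchk and tcpdmatch utilities shipped with TCP Wrappers can check the files and predict the decision for a given daemon@address and client before the rules go live.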


