<br><br><div class="gmail_quote">2011/3/11 Charles Lepple <span dir="ltr"><<a href="mailto:clepple@gmail.com">clepple@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On Mar 10, 2011, at 4:41 PM, Lukas Haase wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
However, after upgrading from Debian lenny to Debian squeeze (version 2.4.3-1.1squeeze1) I get the messages in syslog:<br>
<br>
ACL in upsd.conf is no longer supported - switch to LISTEN<br>
ACCEPT in upsd.conf is no longer supported - switch to LISTEN<br>
REJECT in upsd.conf is no longer supported - switch to LISTEN<br>
allowfrom in upsd.users is no longer used<br>
<br>
Well, I commented out the lines and it works now. However, there is no access restriction anymore! :-( Why have these wonderful features been dropped? Are there at least any alternatives for ACL, ACCEPT, REJECT and allowFrom?<br>
</blockquote>
<br></div>
The following web page indicates that the Debian squeeze packages of NUT were linked against libwrap, which has had a much longer track record of user-space connection filtering than NUT:<br>
<br>
<a href="http://packages.debian.org/squeeze/nut" target="_blank">http://packages.debian.org/squeeze/nut</a><br>
<br>
This information should be in /usr/share/doc/nut/UPGRADING.gz.<br>
<br>
The NUT mailing list archives have a number of threads where the reasoning for this change has been discussed.<br>
<br>
You also might want to consider kernel-level firewall rules. That means that you won't be exposed to bugs in either NUT's connection handling, or that of libwrap.<br>
<br>
</blockquote></div><br>a full chapter of the user documentation focus on all the security mechanisms available with NUT, including TCP-Wrappers, Firewall, (SSL) authentication and encryption<br><a href="http://www.networkupstools.org/docs/user-manual.chunked/ar01s09.html">http://www.networkupstools.org/docs/user-manual.chunked/ar01s09.html</a><br clear="all">
<br>cheers,<br>Arnaud<br>-- <br>Linux / Unix Expert R&D - Eaton - <a href="http://powerquality.eaton.com" target="_blank">http://powerquality.eaton.com</a><br>Network UPS Tools (NUT) Project Leader - <a href="http://www.networkupstools.org/" target="_blank">http://www.networkupstools.org/</a><br>
Debian Developer - <a href="http://www.debian.org" target="_blank">http://www.debian.org</a><br>Free Software Developer - <a href="http://arnaud.quette.free.fr/" target="_blank">http://arnaud.quette.free.fr/</a><br><br>