Lukas Haase
2011-Mar-10 21:41 UTC
[Nut-upsuser] Access restriction on Upgrade Debian lenny -> Debian squeeze
Hi,

In Debian lenny I used the following in upsd.conf:

    ACL all 0.0.0.0/0
    ACL localhost 127.0.0.1/32
    ACL webinterface 192.168.0.2/32
    ACL slave 192.168.50.22/32
    ACCEPT localhost
    ACCEPT webinterface
    ACCEPT slave
    REJECT all

and in upsd.users:

    [monmaster]
        password = secret0
        allowfrom = localhost
        upsmon master

    [monslave]
        password = secret1
        allowfrom = slave
        upsmon slave

    [admin]
        password = secret2
        actions = SET
        instcmds = ALL
        allowfrom = webinterface

Although upsd runs in a secured, private network, I would like to restrict the access.

However, after upgrading from Debian lenny to Debian squeeze (version 2.4.3-1.1squeeze1) I get the messages in syslog:

    ACL in upsd.conf is no longer supported - switch to LISTEN
    ACCEPT in upsd.conf is no longer supported - switch to LISTEN
    REJECT in upsd.conf is no longer supported - switch to LISTEN
    allowfrom in upsd.users is no longer used

Well, I commented out the lines and it works now. However, there is no access restriction anymore! :-( Why have these wonderful features been dropped? Are there at least any alternatives for ACL, ACCEPT, REJECT and allowFrom?

Regards,
Luke

Charles Lepple
2011-Mar-11 03:17 UTC
[Nut-upsuser] Access restriction on Upgrade Debian lenny -> Debian squeeze
On Mar 10, 2011, at 4:41 PM, Lukas Haase wrote:

> However, after upgrading from Debian lenny to Debian squeeze
> (version 2.4.3-1.1squeeze1) I get the messages in syslog:
>
> ACL in upsd.conf is no longer supported - switch to LISTEN
> ACCEPT in upsd.conf is no longer supported - switch to LISTEN
> REJECT in upsd.conf is no longer supported - switch to LISTEN
> allowfrom in upsd.users is no longer used
>
> Well, I commented out the lines and it works now. However, there is
> no access restriction anymore! :-( Why have these wonderful features
> been dropped? Are there at least any alternatives for ACL, ACCEPT,
> REJECT and allowFrom?

The following web page indicates that the Debian squeeze packages of NUT were linked against libwrap, which has had a much longer track record of user-space connection filtering than NUT:

http://packages.debian.org/squeeze/nut

This information should be in /usr/share/doc/nut/UPGRADING.gz. The NUT mailing list archives have a number of threads where the reasoning for this change has been discussed.

You also might want to consider kernel-level firewall rules. That means that you won't be exposed to bugs in either NUT's connection handling, or that of libwrap.
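
Added example, not part of either message and not NUT's own code: a Python translation of the ACL/ACCEPT/allowfrom settings quoted in the question into the two replacements named in the reply, tcp-wrappers entries (hosts.allow and hosts.deny) and kernel firewall rules. Assumptions: the libwrap daemon name is upsd and clients are matched as NUT-username@address, upsd listens on NUT's default TCP port 3493, the ACLs are IPv4, and the firewall is iptables with rules appended to the INPUT chain.

```python
import ipaddress

# Old-style settings quoted in the question (passwords and actions left out).
OLD_UPSD_CONF = """\
ACL all 0.0.0.0/0
ACL localhost 127.0.0.1/32
ACL webinterface 192.168.0.2/32
ACL slave 192.168.50.22/32
ACCEPT localhost
ACCEPT webinterface
ACCEPT slave
REJECT all
"""
OLD_UPSD_USERS = """\
[monmaster]
allowfrom = localhost
[monslave]
allowfrom = slave
[admin]
allowfrom = webinterface
"""

def pattern(cidr):
    """hosts_access(5) client pattern for an IPv4 ACL: ALL, host, or net/mask."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen in (0, net.max_prefixlen):
        return "ALL" if net.prefixlen == 0 else str(net.network_address)
    return f"{net.network_address}/{net.netmask}"

def convert(upsd_conf, upsd_users):
    """Return (hosts.allow lines, hosts.deny lines, iptables commands)."""
    acls, accepted, allow, user = {}, [], [], None
    for words in map(str.split, upsd_conf.splitlines()):
        if words[:1] == ["ACL"]:
            acls[words[1]] = words[2]
        elif words[:1] == ["ACCEPT"]:
            accepted += words[1:]
    for line in map(str.strip, upsd_users.splitlines()):
        if line.startswith("["):
            user = line.strip("[]")          # section name is the NUT username
        elif line.startswith("allowfrom"):
            for name in line.split("=", 1)[1].split():
                allow.append(f"upsd : {user}@{pattern(acls[name])}")
    rule = "iptables -A INPUT -p tcp --dport 3493 {}-j {}"   # 3493: NUT default port
    fw = [rule.format(f"-s {acls[n]} ", "ACCEPT") for n in accepted]
    return allow, ["upsd : ALL"], fw + [rule.format("", "DROP")]

if __name__ == "__main__":
    print(*("\n".join(part) for part in convert(OLD_UPSD_CONF, OLD_UPSD_USERS)), sep="\n\n")
```

upsd consults libwrap only for commands that require a logged-in user, so hosts.allow alone does not stop read-only queries from other hosts. Limiting who can reach the port at all is the job of the LISTEN addresses in upsd.conf and the firewall rules.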