[syslinux] tftp-hpa features?

Matt Zagrabelny mzagrabe at d.umn.edu
Mon Jan 11 09:51:43 PST 2016


Hi hpa,

On Mon, Jan 11, 2016 at 10:28 AM, H. Peter Anvin <hpa at zytor.com> wrote:
> On 01/11/16 08:09, Matt Zagrabelny via Syslinux wrote:
>>
>> I would like to propose a feature request of adding filespace ACLs to tftpd-hpa.
>>
>> Example:
>>
>> I serve data out of /srv/tftp. I only want clients 192.168.1.0/24 to
>> have read access to /srv/tftp/data_1 and only want clients
>> 192.168.2.0/24 to have read access to /srv/tftp/data_2.
>>
>> Configuration:
>>
>> One could create a new config file and command-line option, but I
>> believe it could also be done as an extension to the map-file.
>>
>> Add a new operation letter:
>>
>> c - indicate an extra client field in this rule
>>
>> map-file contents:
>>
>> ec 192.168.1.0/24 ^data_1/
>> a ^data_1/
>> ec 192.168.2.0/24 ^data_2/
>> a ^data_2/
>>
>> What do you think?
>>
>> Thanks for your consideration.
>>
>
> This is actually already possible, but it is definitely awkward:

Looking at the remapping options I thought that this contortion was a
plausible solution, but wasn't sure I wanted to spend the mental
energy figuring it out. Thank you for the solution! :)

Any desires to make it easier to ACL?

One reason is that we drive configs from Puppet, both firewall and
tftpd-hpa map-file. It is nice if we can use the same string
(192.168.1.0/24) in both the iptables template and the map-file
template without having to escape the dots of the subnet, or deviate
into a regex equivalent of the subnet. Food for thought, perhaps.

Thanks again for the help!

-m
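
The "regex equivalent of the subnet" mentioned above can be generated from the same CIDR string the firewall template uses. This is an added example, not part of the original message or of tftp-hpa; the names `cidr_to_regex` and `matches` are hypothetical, and the output uses only constructs valid in both POSIX extended regex and Python's `re`. It goes beyond the /24 case in the message and handles any IPv4 prefix length.

```python
import ipaddress
import re

# One decimal octet, 0-255, with no leading zeros.
OCTET = "(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"


def cidr_to_regex(cidr):
    """Return an unanchored regex fragment matching every dotted-quad
    address inside the IPv4 network given in CIDR notation."""
    # strict=True rejects strings with host bits set (e.g. 192.168.1.5/24),
    # so a typo in the shared template variable fails here, not silently.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 networks only")
    octets = net.network_address.packed
    full, rem = divmod(net.prefixlen, 8)
    # Octets fully covered by the prefix are literal.
    parts = [str(o) for o in octets[:full]]
    if rem:
        # Partially covered octet: enumerate the allowed values explicitly.
        lo = octets[full]
        hi = lo + (1 << (8 - rem)) - 1
        parts.append("(" + "|".join(str(v) for v in range(lo, hi + 1)) + ")")
    # Remaining octets may be anything from 0 to 255.
    parts += [OCTET] * (4 - len(parts))
    # Join with escaped dots so "." cannot match an arbitrary character.
    return r"\.".join(parts)


def matches(cidr, addr):
    """True if addr (a string) is matched in full by the generated regex."""
    return re.fullmatch(cidr_to_regex(cidr), addr) is not None


if __name__ == "__main__":
    # The two subnets from the feature request, plus a non-octet-aligned one
    # (constructed sample input).
    for subnet in ("192.168.1.0/24", "192.168.2.0/24", "10.1.16.0/20"):
        print(subnet, "->", cidr_to_regex(subnet))
```

The fragment is unanchored on purpose: whoever embeds it in a rule has to add `^` and a trailing delimiter, otherwise `192.168.1.7` would also match inside a longer string.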

