DACinet usage examples
For example, when DACinet is used to restrict inbound access to port TCP/25 to root only, only root users from other AIX® hosts can access this port. This limits the ability of regular users to spoof e-mail by simply using telnet to connect to port TCP/25 on the victim.
The following example shows how to configure the X protocol (X11) for root-only access. Make sure that the X11 entry in /etc/security/services is removed, so that the ACLs apply to this service.
Assuming a subnet of 10.1.1.0/24 for all the connected systems, the ACL entries to restrict access to the root user only for X (TCP/6000) in /etc/security/acl would be as follows:
6000 10.1.1.0/24 u:root
To limit the Telnet service to users in the group friends, regardless of which system they connect from, use the following ACL entry after removing the telnet entry from /etc/security/services:
telnet 0.0.0.0/0 g:friends
Disallow user fred access to the web server, but allow everyone else access:
-80 0.0.0.0/0 u:fred
80 0.0.0.0/0
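The entries above can be checked against the intended policy before they are deployed. The following Python sketch is an added example, not IBM code or part of DACinet: it parses the ACL lines shown on this page and answers whether a given user, group set and source address would be admitted to a port. It assumes that entries are evaluated in file order with the first match deciding, that a connection matching no entry is denied, and that the SERVICES map stands in for the system's service name lookup.

```python
import ipaddress

# Constructed sample: the ACL entries shown on this page, in one file.
SAMPLE_ACL = """\
6000 10.1.1.0/24 u:root
telnet 0.0.0.0/0 g:friends
-80 0.0.0.0/0 u:fred
80 0.0.0.0/0
"""

# Assumption: a minimal name-to-port map standing in for the real lookup.
SERVICES = {"telnet": 23}


def parse_acl(text):
    """Parse 'service subnet [u:user|g:group]' lines into rule dicts."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"line {lineno}: expected 2 or 3 fields")
        deny = fields[0].startswith("-")      # leading '-' marks a deny entry
        service = fields[0].lstrip("-")
        port = int(service) if service.isdigit() else SERVICES[service]
        who = fields[2] if len(fields) == 3 else None
        if who and who[:2] not in ("u:", "g:"):
            raise ValueError(f"line {lineno}: bad principal {who!r}")
        rules.append({"deny": deny, "port": port,
                      "net": ipaddress.ip_network(fields[1]), "who": who})
    return rules


def allowed(rules, port, src, user, groups=()):
    """First matching entry decides (assumption); no match means deny."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r["port"] != port or addr not in r["net"]:
            continue
        who = r["who"]
        # An entry without a principal applies to every user.
        if who is None or who == f"u:{user}" or \
                (who.startswith("g:") and who[2:] in groups):
            return not r["deny"]
    return False


RULES = parse_acl(SAMPLE_ACL)
```

Under the first-match assumption, swapping the two port 80 entries would let fred through, because the unrestricted allow entry would match before the deny entry is reached.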