Hi
a) inetd.sec is / has been obsolete for two decades.
b) if you continue to use it, then you must restart the inetd daemon after any changes. To restart:
# inetd -c
c) tcp_wrappers has been used as a replacement to inetd.sec
http://www.linuxfromscratch.org/blfs/view/stable/basicnet/tcpwrappers.htmld) The default Ignite Servers setup is to work in only one subnet, as it is very easy to secure an internal subnet through the routers and gateways.
e) I don't see your concern for anonymous pulling igniting from your own servers in your own datacenter on your own internal subnets.
f) To enhance igniting over two subnets additional O/S patching and router enhancements called "Boot Helper" are required, see Page 80 of below, also see router manufacter for compatibility.
http://docs.hp.com/en/B2355-90970/apcs01.htmle) There is a Ignite registration procedure from the server that may or may not be enough security for you, see page 45 of above. I've used this procedure to push ignite out to clients, however, I think you are more interested in anonymous pulling clients and I don't know if this client registration is enough. When I've used it the Ignite server will automatically detect any new client within the current subnet only. And I'm not sure if auto detection of new clients works with Boot Helper.
Support Fatherhood - Stop Family Law
