Date: Wed, 10 Sep 1997 17:08:05 -0700 (PDT) From: Tom <tom@sdf.com> To: "Pedro Giffuni S," <pgiffuni@fps.biblos.unal.edu.co> Cc: Andreas Klemm <andreas@klemm.gtn.com>, Mark Murray <mark@grondar.za>, ports@freebsd.org Subject: Re: Major bogon in tcp_wrappers port. Message-ID: <Pine.BSF.3.95q.970910170350.1761A-100000@misery.sdf.com> In-Reply-To: <34171352.2B7@fps.biblos.unal.edu.co>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Sep 1997, Pedro Giffuni S, wrote: > > On the other hand ... how much overhead does it bring ? > > Every time when an inetd related service is being started, > > the (of course small) tcpd program has to be executed. > > > Correct, it seems like xinetd doesn't have this problem, but I haven't > used it. Yes, I use xinetd heavily. For services that get hit thousands of times a day, xinetd is only way to go. The only drawback, is that it will will only do access control by IP, because it cannot do DNS lookups (take too long). ... > IMO the only service that MUST have this control is SMTP (I run it in > inetd). I usually restrict access to the mailer from unknown hosts, > which is also a sane measure against spammers. Which should be done within the mailer. The mailer is going to lookup the hostname anyhow, because it has to record it into the Received header. > My two cents. > > Pedro. Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970910170350.1761A-100000>