From owner-freebsd-hackers  Sun Jun 20 17:50: 4 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from pallas.veritas.com (pallas.veritas.com [204.177.156.25])
	by hub.freebsd.org (Postfix) with ESMTP
	id C205D14BF6; Sun, 20 Jun 1999 17:50:00 -0700 (PDT)
	(envelope-from aaron@sigma.veritas.com)
Received: from megami.veritas.com (megami.veritas.com [192.203.46.101])
	by pallas.veritas.com (8.9.1a/8.9.1) with SMTP id RAA05540;
	Sun, 20 Jun 1999 17:50:45 -0700 (PDT)
Received: from sigma.veritas.com([192.203.46.125]) (1877 bytes) by megami.veritas.com
	via sendmail with P:esmtp/R:smart_host/T:smtp
	(sender: <aaron@sigma.veritas.com>) 
	id <m10vsHf-0000rjC@megami.veritas.com>
	for <wietse@freebsd.org>; Sun, 20 Jun 1999 17:49:59 -0700 (PDT)
	(Smail-3.2.0.101 1997-Dec-17 #3 built 1999-Jan-25)
Received: from sigma (localhost [127.0.0.1])
	by sigma.veritas.com (8.9.2/8.9.1) with ESMTP id RAA01387;
	Sun, 20 Jun 1999 17:49:59 -0700 (PDT)
	(envelope-from aaron@sigma.veritas.com)
Message-Id: <199906210049.RAA01387@sigma.veritas.com>
From: Aaron Smith <aaron-fbsd@mutex.org>
To: freebsd-hackers@freebsd.org
Cc: wietse@freebsd.org
Subject: inetd/tcpd...changing hosts.allow...plus a documentation issue
Date: Sun, 20 Jun 1999 17:49:59 -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

hi all,

[this is all on 3.2-RELEASE]

i recently had some problems getting inetd tcp wrappers to do "the right
thing". i tried a sample configuration where i allowed telnet explicitly:

ALL : localhost : allow
telnetd : ALL : allow
ALL : ALL : deny

unfortunately incoming telnet was still denied. at first i tried HUPping
inetd to reread the hosts.allow, but after looking at the source it appears
to re-read its information each time hosts_access is called. has anyone
else had problems updating this file and getting inetd to reflect the new
behavior?

note that "tcpdmatch telnetd <client_host>" was reporting "access granted"
and yet inetd was refusing the connection. killing inetd COMPLETELY and
restarting inetd caused it to start accepting the connections.

i'm looking at it a bit but perhaps a maintainer knows if something is
being cached here?

on another note, LIBWRAP_INTERNAL looks like it must be defined for
internal services to be wrapped, yet it is not defined during freebsd's
compile -- only LIBWRAP is. yet freebsd's inetd man page says that internal
services may be wrapped. since it is not currently so by default, perhaps
either the documentation or the Makefile should be modified?

aaron


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message