From owner-freebsd-ports  Fri Sep 12 09:01:11 1997
Return-Path: <owner-freebsd-ports>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id JAA12999
          for ports-outgoing; Fri, 12 Sep 1997 09:01:11 -0700 (PDT)
Received: from news1.gtn.com (news1.gtn.com [194.77.0.15])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA12978;
          Fri, 12 Sep 1997 09:00:53 -0700 (PDT)
Received: (from uucp@localhost)
	by news1.gtn.com (8.8.6/8.8.6) with UUCP id RAA05018;
	Fri, 12 Sep 1997 17:45:15 +0200 (MET DST)
Received: (from andreas@localhost)
	by klemm.gtn.com (8.8.7/8.8.7) id RAA00353;
	Fri, 12 Sep 1997 17:27:44 +0200 (CEST)
Message-ID: <19970912172743.64756@klemm.gtn.com>
Date: Fri, 12 Sep 1997 17:27:43 +0200
From: Andreas Klemm <andreas@klemm.gtn.com>
To: Torsten Blum <torstenb@onizuka.tb.9715.org>
Cc: mark@grondar.za, ports@freebsd.org, hackers@freebsd.org
Subject: Re: Major bogon in tcp_wrappers port.
References: <19970911075604.13003@klemm.gtn.com> <m0x9RYo-0006haC@onizuka.tb.9715.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.79
In-Reply-To: <m0x9RYo-0006haC@onizuka.tb.9715.org>; from Torsten Blum on Fri, Sep 12, 1997 at 10:58:42AM +0200
X-Disclaimer: A free society is one where it is safe to be unpopular
X-Operating-System: FreeBSD 3.0-CURRENT SMP
Sender: owner-freebsd-ports@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, Sep 12, 1997 at 10:58:42AM +0200, Torsten Blum wrote:
> 
> Everybody has different needs for security. There are more than enough
> users who'll never need tcpwrapper because
>  - they only have a small set of "services" running on these boxes
>    (for example www server, dns, sendmail etc)
>  - we have users who really don't care about security (sad but true).
>    They never care to configure hosts.{allow,deny} or even check their
>    logfiles
>  - Machines without connections "external" connection
> and many many more

ok, agreed.

> Andreas, have you _ever_ configured tcpd ? tcpd is not a standalone daemon.
> To activate it, you have to modify inetd.conf. 

Yes I'm using it in the company for our secured FreeBSD internet
gateway ...

> Don't get me wrong, I'm all for a "more" secure system, but you don't get
> this out of the box. You _always_ have to configure something.

Ok, agreed. Peace man ;-)

-- 
Andreas Klemm | klemm.gtn.com - powered by
                    Symmetric MultiProcessor FreeBSD
                       http://www.freebsd.org/~fsmp/SMP/SMP.html
                          http://www.freebsd.org/~fsmp/SMP/benches.html