From owner-freebsd-hackers Fri Jun 25 12:12:33 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11])
    by hub.freebsd.org (Postfix) with SMTP id B7C9F150D2
    for ; Fri, 25 Jun 1999 12:12:20 -0700 (PDT)
    (envelope-from dwmalone@maths.tcd.ie)
Received: from boole.maths.tcd.ie by salmon.maths.tcd.ie with SMTP
    id ; 25 Jun 1999 20:12:01 +0100 (BST)
Date: Fri, 25 Jun 1999 20:12:01 +0100
From: David Malone
To: Aaron Smith
Cc: Sheldon Hearn, Keith Stevenson, freebsd-hackers@FreeBSD.ORG
Subject: Re: Inetd and wrapping.
Message-ID: <19990625201201.A10893@boole.maths.tcd.ie>
References: <14531.930319505@axl.noc.iafrica.com> <199906251802.LAA31221@sigma.veritas.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <199906251802.LAA31221@sigma.veritas.com>; from Aaron Smith on Fri, Jun 25, 1999 at 11:02:04AM -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Jun 25, 1999 at 11:02:04AM -0700, Aaron Smith wrote:

> i have no problem with -w options, but i am still surprised that you want
> to go ahead with the conf format change.

This isn't so much a conf format change, as a conf format extension.
It is the same type of extension as was added to support max child
and max child per minute - which aren't a standard inetd feature.
All old inetd.conf files remain valid.

(It's not like inetd.conf is all that machine independent anyway,
as it is full of paths to programs and contains services specific
to that machine. You'd never consider rdisting it between machines
of a different architecture for example).

> (john baldwin? not sure) raised the issue that before, he could control
> which services were wrapped. now, all services are wrapped. why is this
> bad? what has been lost?

Some people think that doing the hosts.allow lookup is too expensive
for some services but not others. (It requires opening /etc/hosts.allow,
reading it in line by line and possibly doing DNS lookups).

I wouldn't say it actually makes that much difference 'cos very few
people provide really high performance services from inetd, and the
hit from tcp wrapping isn't all that high (we run our smtpd from
inetd first through tcp wrappers and then through a rbl program and
then finally the smtpd and don't have any problems with it).

	David.
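
The per-connection cost discussed in the message above (a line-by-line scan of the rules file plus a possible DNS lookup), shown as an added example that is not part of the original email and is not libwrap's code: a simplified hosts.allow evaluator that counts both costs. The supported rule subset, the allow-when-nothing-matches fallback, the `RULES` text and the `FAKE_PTR` reverse-DNS table are assumptions constructed for illustration (IPv4 only).

```python
# Simplified model of a hosts.allow check; sample data below is constructed.
RULES = """\
# constructed sample rules: daemon_list : client_list : allow|deny
smtpd : 192.0.2. : allow
ftpd  : .example.org : allow
ALL   : ALL : deny
"""
FAKE_PTR = {"198.51.100.7": "host7.example.org"}  # constructed reverse-DNS data

def match_client(pattern, ip, hostname_of):
    """True if pattern matches the client; hostname_of() runs only if needed."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                  # address prefix: no DNS needed
        return ip.startswith(pattern)
    if pattern.replace(".", "").isdigit():     # literal address: no DNS needed
        return ip == pattern
    name = hostname_of()                       # hostname pattern: reverse lookup
    if name is None:
        return False
    return name.endswith(pattern) if pattern.startswith(".") else name == pattern

def check(rules_text, daemon, ip, reverse_dns):
    """Scan rules top to bottom, first match wins.
    Returns (decision, lines_read, dns_lookups)."""
    cache = []                                 # at most one lookup per connection
    def hostname_of():
        if not cache:
            cache.append(reverse_dns(ip))
        return cache[0]
    lines_read = 0
    for line in rules_text.splitlines():
        lines_read += 1
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if "ALL" not in daemons and daemon not in daemons:
            continue
        if any(match_client(p, ip, hostname_of) for p in clients):
            decision = "deny" if fields[-1] == "deny" else "allow"
            return decision, lines_read, len(cache)
    return "allow", lines_read, len(cache)     # assumption: no match means allow

if __name__ == "__main__":
    for d, ip in [("smtpd", "192.0.2.10"), ("ftpd", "198.51.100.7"),
                  ("ftpd", "203.0.113.9")]:
        print(d, ip, check(RULES, d, ip, FAKE_PTR.get))
```

Rules that match on address prefixes are decided without any DNS traffic; only a hostname pattern reached during the scan triggers the reverse lookup, so rule order and pattern type determine how much the check costs a given service.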