Date:      Wed, 28 Jul 1999 13:52:05 -0400
From:      Chris Johnson <cjohnson@palomine.net>
To:        Seth <seth@freebie.dp.ny.frb.org>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: tcpd, inetd, and hosts.[allow|deny]
Message-ID:  <19990728135205.A13283@palomine.net>
In-Reply-To: <Pine.BSF.4.10.9907281334220.3008-100000@freebie.dp.ny.frb.org>; from Seth on Wed, Jul 28, 1999 at 01:41:52PM -0400
References:  <19990728202954.A75107@dblab.ece.ntua.gr> <Pine.BSF.4.10.9907281334220.3008-100000@freebie.dp.ny.frb.org>

On Wed, Jul 28, 1999 at 01:41:52PM -0400, Seth wrote:
> 
> 
> On Wed, 28 Jul 1999, Yiorgos Adamopoulos wrote:
> 
> > On Wed, Jul 28, 1999 at 01:17:26PM -0400, Seth wrote:
> > > administrative point of view.  The access files must be moved from
> > > /usr/local/etc to /etc in order for a default wrapped inetd config to
> > > access them.  Any administrator who relied on wrapping and who made the
> > 
> > Now this is where I disagree.  The default /etc/hosts.allow allows every
> > connection.  Which is OK, since if you cut-n-paste your old inetd.conf tcpd
> > wrapped lines, inetd will execute tcpd, who (tcpd) will check
> > /usr/local/etc/hosts.{allow,deny} which will do what the administrator
> > expects.
> > 
> 
> Not sure I follow you.  Assume for a moment that you've been using the tcpd
> package and have created a custom /usr/local/etc/hosts.deny to filter, say,
> ftp attempts from some domain.  Ignore for the moment that the tcpdmatch that
> comes with FreeBSD base distributions past some point in time after 3.1-R
> won't check these files by default (my first original point). Your tcpd,
> installed as /usr/local/libexec/tcpd, works fine with your
> /usr/local/etc/hosts.deny.
> 
> You've now made world using post-7/12 sources and decided to use this new
> feature -- wrapping from inetd -- as opposed to tcpd.  Hey, why use an
> external program when inetd is more than happy to do it for you?  You remove
> all the references to /usr/local/libexec/tcpd from your /etc/inetd.conf, and
> restart inetd with -w.

But before you blindly remove all references to /usr/local/libexec/tcpd, you
read the man page for the new inetd, which refers you to hosts_access(5). You
read that and see that the files are now in /etc. And even if you don't read
the man page, it occurs to you that since inetd is a part of the base
distribution, it'd never be looking at a file in /usr/local/etc anyway.

Chris
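
The migration gap discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of FreeBSD: the function names `active_rules` and `audit_wrappers` are hypothetical, and the check assumes a rule counts as migrated only when the same line appears verbatim in the same-named file under /etc.

```shell
#!/bin/sh
# Added example: find access rules left behind in the old tcpd location
# after inetd.conf stops calling the external tcpd.
# Usage: audit_wrappers /etc/inetd.conf /usr/local/etc /etc

# active_rules FILE: print FILE without comments, blank lines or padding.
active_rules() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1"
}

# audit_wrappers INETD_CONF LEGACY_DIR BASE_DIR
# Returns 1 and prints "UNMIGRATED <file>: <rule>" for every rule that
# exists only under LEGACY_DIR while no service is wrapped by tcpd any more.
audit_wrappers() {
    conf=$1; legacy=$2; base=$3

    # If an active inetd.conf line still runs tcpd, the legacy files are
    # still being read for that service, so nothing has been orphaned yet.
    if active_rules "$conf" | grep -Eq '/tcpd([[:space:]]|$)'; then
        echo "inetd.conf still invokes tcpd; $legacy rules remain in use"
        return 0
    fi

    report=$(
        for f in hosts.allow hosts.deny; do
            active_rules "$legacy/$f" | while IFS= read -r rule; do
                # Literal whole-line match against the base-system file.
                active_rules "$base/$f" | grep -Fxq -- "$rule" ||
                    echo "UNMIGRATED $f: $rule"
            done
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

A clean result only means the lines were copied; per hosts_access(5), a match in hosts.allow grants access before hosts.deny is consulted, so a copied deny rule still needs to be checked against an allow-everything /etc/hosts.allow.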

