From owner-freebsd-stable Wed Jul 28 10:53:19 1999
Delivered-To: freebsd-stable@freebsd.org
Received: from shemp.palomine.net (shemp.palomine.net [205.198.88.200])
	by hub.freebsd.org (Postfix) with SMTP id 952D714C0E
	for ; Wed, 28 Jul 1999 10:53:15 -0700 (PDT)
	(envelope-from cjohnson@palomine.net)
Received: (qmail 13355 invoked by uid 1000); 28 Jul 1999 17:52:05 -0000
Date: Wed, 28 Jul 1999 13:52:05 -0400
From: Chris Johnson
To: Seth
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: tcpd, inetd, and hosts.[allow|deny]
Message-ID: <19990728135205.A13283@palomine.net>
References: <19990728202954.A75107@dblab.ece.ntua.gr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.6i
In-Reply-To: ; from Seth on Wed, Jul 28, 1999 at 01:41:52PM -0400
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Jul 28, 1999 at 01:41:52PM -0400, Seth wrote:
>
>
> On Wed, 28 Jul 1999, Yiorgos Adamopoulos wrote:
>
> > On Wed, Jul 28, 1999 at 01:17:26PM -0400, Seth wrote:
> > > administrative point of view. The access files must be moved from
> > > /usr/local/etc to /etc in order for a default wrapped inetd config to
> > > access them. Any administrator who relied on wrapping and who made the
> >
> > Now this is where I disagree. The default /etc/hosts.allow allows every
> > connection. Which is OK, since if you cut-n-paste your old inetd.conf tcpd
> > wrapped lines, inetd will execute tcpd, who (tcpd) will check
> > /usr/local/etc/hosts.{allow,deny} which will do what the administrator
> > expects.
> >
>
> Not sure I follow you. Assume for a moment that you've been using the tcpd
> package and have created a custom /usr/local/etc/hosts.deny to filter, say,
> ftp attempts from some domain. Ignore for the moment that the tcpdmatch that
> comes with FreeBSD base distributions past some point in time after 3.1-R
> won't check these files by default (my first original point). Your tcpd,
> installed as /usr/local/libexec/tcpd, works fine with your
> /usr/local/etc/hosts.deny.
>
> You've now made world using post-7/12 sources and decided to use this new
> feature -- wrapping from inetd -- as opposed to tcpd. Hey, why use an
> external program when inetd is more than happy to do it for you? You remove
> all the references to /usr/local/libexec/tcpd from your /etc/inetd.conf, and
> restart inetd with -w.

But before you blindly remove all references to /usr/local/libexec/tcpd, you
read the man page for the new inetd, which refers you to hosts_access(5). You
read that and see that the files are now in /etc. And even if you don't read
the man page, it occurs to you that since inetd is a part of the base
distribution, it'd never be looking at a file in /usr/local/etc anyway.

Chris
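
The migration discussed in this message can be checked mechanically. The script
below is an added example, not part of the original message or of FreeBSD: it
lists inetd.conf services still run through /usr/local/libexec/tcpd, reports
rules in /usr/local/etc/hosts.{allow,deny} with no textual match under /etc, and
warns when /etc/hosts.allow opens with a catch-all allow. Function names are
hypothetical; rules are compared as text and backslash-continued lines are not
joined.

```sh
#!/bin/sh
# Added example (hypothetical function names): audit a move from the ports
# tcpd to inetd's built-in wrapping. Default paths are those named in the thread.

# Active rules of an access file: drop blank lines and lines starting with '#',
# and squeeze whitespace so that equal rules compare equal.
active_rules() {
    [ -f "$1" ] || return 0
    awk '!/^#/ && NF { $1 = $1; print }' "$1"
}

# Services in inetd.conf ($1) whose server program (field 6) is tcpd ($2).
tcpd_services() {
    awk -v t="$2" '!/^#/ && $6 == t { print $1 }' "$1"
}

# Rules present in the old file ($1) but missing from the new file ($2).
unmigrated_rules() {
    { active_rules "$2" | sed 's/^/N /'; active_rules "$1" | sed 's/^/O /'; } |
    awk '{ tag = $1; sub(/^[NO] /, "")
           if (tag == "N") seen[$0] = 1; else if (!($0 in seen)) print }'
}

# True when the first active rule of $1 admits every client to every daemon,
# which ends the lookup before any later rule or hosts.deny is consulted.
allows_everything() {
    first=$(active_rules "$1" | awk 'NR == 1 { gsub(/ /, ""); print }')
    case $first in ALL:ALL|ALL:ALL:allow) return 0 ;; esac
    return 1
}

# audit [inetd.conf] [old dir] [new dir] [tcpd path]; returns 1 on any finding
# that leaves inetd-wrapped services without the administrator's old rules.
audit() {
    conf=${1:-/etc/inetd.conf} old=${2:-/usr/local/etc} new=${3:-/etc}
    tcpd=${4:-/usr/local/libexec/tcpd} rc=0
    for svc in $(tcpd_services "$conf" "$tcpd"); do
        echo "NOTE $svc still runs $tcpd, which reads $old/hosts.*"
    done
    for f in hosts.allow hosts.deny; do
        missing=$(unmigrated_rules "$old/$f" "$new/$f")
        [ -n "$missing" ] || continue
        rc=1
        printf '%s\n' "$missing" | sed "s|^|MISSING from $new/$f: |"
    done
    if allows_everything "$new/hosts.allow"; then
        rc=1; echo "WARN $new/hosts.allow opens with a catch-all allow"
    fi
    return $rc
}
```

Run `audit` with no arguments on the host before removing the tcpd lines from
/etc/inetd.conf; a non-zero return means old rules would stop being enforced.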