To:
Doug Barton <DougB@dougbarton.net>
cc:
Brad Knowles <brad.knowles@skynet.be>, Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>, <dnsop@cafax.se>
From:
Dean Anderson <dean@av8.com>
Date:
Fri, 4 Apr 2003 23:09:02 -0500 (EST)
In-Reply-To:
<20030404191337.S10499@12-234-22-23.pyvrag.nggov.pbz>
Sender:
owner-dnsop@cafax.se
Subject:
Re: I-D ACTION:draft-ietf-dnsop-inaddr-required-04.txt
I think you are confusing tcp-wrappers with socks. No doubt that
socks-like library could be made from tcp-wrappers, but I don't think
there has been. Its kind of a mute point though, since as has been pointed
out, no one uses this functionality, and large sites don't run these
servers out of inetd.
Could such services be built? Sure.
Are they built? No.
From the tcp-wrappers readme:
===
There are two ways to use the wrapper programs:
1) The easy way: move network daemons to some other directory and fill
the resulting holes with copies of the wrapper programs. This
approach involves no changes to system configuration files, so there
is very little risk of breaking things.
2) The advanced way: leave the network daemons alone and modify the
inetd configuration file. For example, an entry such as:
tftp dgram udp wait root /usr/etc/tcpd in.tftpd -s /tftpboot
===
--Dean
On Fri, 4 Apr 2003, Doug Barton wrote:
> On Fri, 4 Apr 2003, Dean Anderson wrote:
>
> > TCP wrappers only works on services that run out of inetd. Most large
> > sites doen't run FTP, gopher, or HTTP out of inetd.
>
> This is not correct. You can link with the tcp wrappers library for just
> about any network service. Most of the FreeBSD network services are
> configured this way, for example.
>
> Doug
>
> --
>
> If it's moving, encrypt it. If it's not moving, encrypt
> it till it moves, then encrypt it some more.
>
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.