Subject: Re: [netatalk-admins] tcpwrapper
From: William LeFebvre (wnl@groupsys.com)
Date: Thu Mar 12 1998 - 07:00:16 EST
You wrote:
> Date: Thu, 12 Mar 1998 10:43:06 GMT
> From: Jonathan Peterson <jon@amxdigital.com>
> To: <netatalk-admins@umich.edu>
> Subject: [netatalk-admins] tcpwrapper
>
>
> Sorry to be ignorant, but what are TCPwrappers, and why does Netatalk
> highly recommend them? Are they a security thing or a speed thing (or
> both?) and where can I get them.

It's a security thing. It originally started as a program that
"wrapped" itself around inetd applications. Inetd is reconfigured
(through inetd.conf) to invoke the wrapper first, which then execs the
service program. But before running the service program the wrapper
checks the peer address against a list of rules found in
/etc/hosts.allow and /etc/hosts.deny to see if that host is allowed
for this service. The access is also logged, and the connection is
checked for any use of IP source routing.

The routines that parse the files and perform the actual checking
were pulled out and placed in a separate library---libwrap---so
that they could be easily embedded in other daemon applications
which were not controlled by inetd. The library is what netatalk
wants to use.

You can get tcpwrappers from the COAST archive at Purdue:
ftp to coast.cs.purdue.edu and look in /pub/tools/unix/tcp_wrappers.

William LeFebvre
Group sys Consulting
<wnl@groupsys.com>
+1 770 813 3224
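
Added example (not part of the original message and not libwrap's own code): a simplified Python model of the check described above, covering only the ALL wildcard, ".domain" host name suffixes, "net." address prefixes and exact matches. The rule text, daemon names and client addresses are constructed sample values; the evaluation order (a match in hosts.allow grants, otherwise a match in hosts.deny refuses, otherwise access is granted) follows the hosts_access(5) manual page.

```python
# Simplified model of the hosts.allow / hosts.deny decision (added example).
# Constructed sample rules in "daemon_list : client_list" form.
HOSTS_ALLOW = """\
# AppleTalk file and print daemons (sample daemon names)
afpd : 192.168.10. .example.edu
papd : 192.168.10.
"""
HOSTS_DENY = """\
afpd, papd : ALL
"""

def parse_rules(text):
    """Return a list of (daemons, clients) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2 or not fields[0]:
            continue
        # List items may be separated by blanks and/or commas.
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # host name suffix, e.g. .example.edu
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # address prefix, e.g. 192.168.10.
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr

def table_matches(rules, daemon, host, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, host, addr) for p in clients)
               for daemons, clients in rules)

def access_allowed(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match grants."""
    if table_matches(parse_rules(allow), daemon, host, addr):
        return True
    if table_matches(parse_rules(deny), daemon, host, addr):
        return False
    return True
```

A daemon that appears in neither file is granted by default, so a deny rule has to name every service it is meant to cover (or use ALL).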