From owner-freebsd-questions@FreeBSD.ORG Wed May 7 08:36:36 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 00E0337B401 for ; Wed, 7 May 2003 08:36:36 -0700 (PDT) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 387F843FA3 for ; Wed, 7 May 2003 08:36:35 -0700 (PDT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.12.9/8.12.9) id h47FaXUv028873; Wed, 7 May 2003 10:36:33 -0500 (CDT) (envelope-from dan) Date: Wed, 7 May 2003 10:36:33 -0500 From: Dan Nelson To: "Michael K. Smith" Message-ID: <20030507153632.GJ63345@dan.emsphone.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-OS: FreeBSD 5.0-CURRENT X-message-flag: Outlook Error User-Agent: Mutt/1.5.4i cc: FreeBSD Questions Subject: Re: Where is tcpd? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 May 2003 15:36:36 -0000 X-List-Received-Date: Wed, 07 May 2003 15:36:36 -0000 In the last episode (May 07), Michael K. Smith said: > I would like to use TCP Wrappers for ssh connections to a box, and > all of the literature regarding the inetd.conf configuration > references /usr/sbin/tcpd. I have been unable to find tcpd anywhere > on the system. Is there another way to reference the required files > in inetd.conf? Hm? This is the only place tcpd is mentioned in the inetc.conf manpage, and I think it answers your question pretty well. IMPLEMENTATION NOTES TCP Wrappers When given the -w option, inetd will wrap all services specified as ``stream nowait'' or ``dgram'' except for ``internal'' services. If the -W option is given, such ``internal'' services will be wrapped. If both options are given, wrapping for both internal and external services will be enabled. Either wrapping option will cause failed connections to be logged to the ``auth'' syslog facility. Adding the -l flag to the wrapping options will include successful connections in the logging to the ``auth'' facility. Note that inetd only wraps requests for a ``wait'' service while no servers are available to service requests. Once a connection to such a service has been allowed, inetd has no control over subsequent connec- tions to the service until no more servers are left listening for connec- tion requests. When wrapping is enabled, the tcpd daemon is not required, as that functionality is builtin. For more information on TCP Wrappers, see the relevant documentation (hosts_access(5)). When reading that document, keep in mind that ``internal'' services have no associated daemon name. Therefore, the service name as specified in inetd.conf should be used as the daemon name for ``internal'' services. -- Dan Nelson dnelson@allantgroup.com