Package: tcpd
Version: 7.6.dbs-8
Severity: wishlist

I use IPsec. I would like to block connections to a service if the client is not using IPsec (similar to only allowing IMAPS and not IMAP). IPsec use can be detected by a socket option (IP_IPSEC_POLICY). It would therefore be useful to me to be able to specify required socket options on a socket and not only client addresses.

The shell command options ("spawn" and "twist") are not adequate because they run with /dev/null as stdin and stdout/stderr and have no way to access the socket. There is also no way to predicate the access on the result of such an external command.

I could, I suppose, use the "twist" option to run my own checker which then runs the service (if allowed), but then there would be no need to actually use the wrapper and I could just call the checker from inetd directly. And I feel that tcpd is the proper place for this kind of functionality.

Or maybe this is what the IPsec SPD is for, but I never found any sensible documentation for that stuff.

/Teddy

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages tcpd depends on:
ii  debconf [debconf-2.0]  1.4.30.13     Debian configuration management sy
ii  libc6                  2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libwrap0               7.6.dbs-8     Wietse Venema's TCP wrappers libra

-- debconf information:
  tcpd/paranoid-mode: false