Package: tcpd
Version: 7.6.dbs-8
Severity: wishlist

I use IPsec. I would like to block connections to a service if the
client is not using IPsec (similar to only allowing IMAPS and not
IMAP). IPsec use can be detected by a socket option
(IP_IPSEC_POLICY). It would therefore be useful to me to be able to
specify required socket options on a socket and not only client
addresses.

The shell command options ("spawn" and "twist") are not adequate
because they run with /dev/null as stdin and stdout/stderr and have
no way to access the socket. There is also no way to predicate the
access on the result of such an external command.

I could, I suppose, use the "twist" option to run my own checker which
then runs the service (if allowed), but then there would be no need to
actually use the wrapper and I could just call the checker from inetd
directly. And I feel that tcpd is the proper place for this kind of
functionality.

Or maybe this is what the IPsec SPD is for, but I never found any
sensible documentation for that stuff.

/Teddy

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages tcpd depends on:
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
-- debconf information:
tcpd/paranoid-mode: false