At 10:46 AM 11/21/01, [EMAIL PROTECTED] wrote:
>At 10:22 21/11/01 +0000, Rick Hoffman wrote:
>> > If you use tcp_wrappers, then the program filename will be tcpd, and
>> > argv[0] will be /usr/local/sbin/popper.
>>
>>What is tcp_wrappers, anyway?  What does it do?
>
>A good way to do access control for any service that runs out of inetd 
>such as (potentially) ftp, popper, finger, telnet etc, by limiting which 
>IP addresses can and cannot use those services.

Also any daemon application which cares to make library calls to the 
wrapper library. I build sendmail with wrapper support. This permits me 
another method for blocking spammers, especially if what I'm trying to 
block is a large subnet from a spamhaus, or some such.

>You can learn more from looking at the tcpd man pages.
>
>Of course this has the same effect as a decent firewall but provides an 
>additional depth to your security.

I use routers for first line, ipchains for second line, and tcp wrappers 
for third line. The advantage of wrappers is the ability to deny based on 
DNS naming, including anything within a domain. Changing ACLs in the router 
is the least-preferred method since it is the most annoying to change and 
have take effect, but it does cover all systems. Changes in ipchains are 
next easier, but only IP address based (the way our setups work, at least). 
So wrappers provides a useful level too.

-----------------------------------------------------------------
Daniel Senie                                        [EMAIL PROTECTED]
Amaranth Networks Inc.                    http://www.amaranth.com
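
An added example, not part of the original messages: a simplified Python model of the hosts.allow / hosts.deny evaluation order described in hosts_access(5), with a domain-based deny for sendmail next to a subnet deny. The rules, addresses and host names are constructed, and only the ALL, domain-suffix, address-prefix, net/mask and exact-match patterns are modelled (IPv4 only, no shell-command field).

```python
import ipaddress

# Constructed sample rules in "daemon_list : client_list" syntax.
HOSTS_ALLOW = """
popper : 192.0.2.0/255.255.255.0      # constructed local subnet
"""
HOSTS_DENY = """
sendmail : .spam.example, 198.51.100.0/255.255.255.0
popper : ALL
"""

def parse(text):
    """Return [(daemons, clients)] for each rule line, ignoring comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (p.replace(",", " ").split() for p in line.split(":")[:2])
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # domain suffix: needs a resolved host name
        return name is not None and name.lower().endswith(pattern.lower())
    if "/" in pattern:                 # net/mask form
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    if pattern.endswith("."):          # leading address fields, e.g. "192.0.2."
        return addr.startswith(pattern)
    return pattern in (addr, name)     # exact address or host name

def check(daemon, addr, name=None):
    """Allow file first, then deny file; no match in either grants access."""
    for verdict, text in ((True, HOSTS_ALLOW), (False, HOSTS_DENY)):
        for daemons, clients in parse(text):
            if (daemon in daemons or "ALL" in daemons) and any(
                    client_matches(c, addr, name) for c in clients):
                return verdict
    return True
```

The domain rule only fires when the client address resolves to a name, so in this model a sender in the listed domain with no reverse DNS is caught only if the subnet rule also covers it.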
