
Re: tcpd with xinetd



On Sat, 4 Jul 1998, Norbert Veber wrote:

> > > 2. for example you cannot allow/deny .domain.tld in xinetd
> > 
> > True. xinetd can do something with network names mentioned in
> > /etc/networks, though I have never figured out the exact format for this
> > file.
> 
> Like I said in my other message which I forgot to send to the list :)
> xinetd can do that, read man xinetd.conf.

From man xinetd.conf:

NOTES
<...>
       3.  The address check is based on the IP  address  of  the
           remote  host and not on its domain address. We do this
           so that we can avoid remote  name  lookups  which  may
           take  a  long time (since xinetd is single-threaded, a
           name lookup will prevent the daemon from accepting any
           other  requests  until  the  lookup is resolved).  The
           down side of this scheme is that if the IP address  of
           a remote host changes, then access to that host may be
           denied until xinetd is reconfigured.   Whether  access
           is  actually  denied or not will depend on whether the
           new host IP address is among those allowed access. For
           example,  if  the  IP  address  of a host changes from
           1.2.3.4 to  1.2.3.5  and  only_from  is  specified  as
           1.2.3.0 then access will not be denied.

Now, how can I allow access from *.utwente.nl to my host? Or from *.nl? As
I read the above paragraph, this is something xinetd can't do. With tcpd,
one can allow access from *.student.utwente.nl while denying access from
the rest of *.utwente.nl, with only two (obvious) lines. In xinetd.conf,
this would be a lot more difficult since *.utwente.nl is 130.89.0.0 -
130.89.255.255 and *.student.utwente.nl is 130.89.220.0 - 130.89.234.255.

And how would I allow access to a particular service from *.nl while
denying access to that server from the rest of the world? This may seem
senseless, but AFAIK it's something xinetd can not easily do.

If the above is not true, please guide me to a source of information that
tells me how to do domain name based access control with xinetd.

Note that I am a happy xinetd user. This is just a feature that I miss
sometimes.

Remco
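
The following is an added example, not part of the original message or of xinetd itself. It converts the *.student.utwente.nl address range quoted above into the address blocks an IP-based only_from rule would need, then checks the boundary addresses. It assumes an xinetd build whose only_from accepts address/prefix notation; the function names are hypothetical.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks covering first..last inclusive."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(b) for b in blocks]


def only_from_line(first, last):
    """Build one only_from attribute line (assumes address/prefix support)."""
    return "only_from = " + " ".join(range_to_cidrs(first, last))


def is_allowed(addr, cidrs):
    """IP-based check: only the numeric address matters, never the name."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


# Range taken from the message: *.student.utwente.nl
STUDENT_FIRST = "130.89.220.0"
STUDENT_LAST = "130.89.234.255"

if __name__ == "__main__":
    cidrs = range_to_cidrs(STUDENT_FIRST, STUDENT_LAST)
    print(only_from_line(STUDENT_FIRST, STUDENT_LAST))
    # Boundary addresses constructed for this example: the two just
    # outside the range are still inside 130.89.0.0/16 (*.utwente.nl)
    # and must be refused.
    for addr in ("130.89.219.255", "130.89.220.0",
                 "130.89.234.255", "130.89.235.0"):
        print(addr, "allowed" if is_allowed(addr, cidrs) else "denied")
```

The single name pattern becomes four address blocks, and the list has to be regenerated by hand whenever the address allocation behind the domain changes.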


