Peter Münster wrote:
On Tue, 6 Mar 2001, Joop Boonen wrote:
service. So if you set up telnet or pop3 you can restrict the addresses that can use it. This is not possible with inetd, where you have to use a portwrapper or a firewall to accomplish this. I meant client addresses.
Are you sure? I read something else a while ago on this list. You should do perhaps a "man inetd"...
What I see in man inetd is that you can specify a local address, so if an interface has more than one IP address, or when you have multiple interfaces. But every person can still use the specified service when it's connected to the right IP address/port. Correct me if I'm wrong.
I don't know, I've never read the manual of inetd... But it seems that I didn't understand that *major advantage*. Is it just the functionality of tcpd?

Peter
-- Peter Münster http://notrix.net/pm-vcard
Dear Peter,

I'll try to explain with the xinetd.conf file. I'll add the comments by means of #* .

Regards,

Joop Boonen.

#
# xinetd.conf
#
# Copyright (c) 1998-99 SuSE GmbH Nuernberg, Germany.
#
defaults
{
        #* below produces log lines in the mentioned cases
        log_type        = FILE /var/log/xinetd.log
        log_on_success  = HOST EXIT DURATION
        log_on_failure  = HOST ATTEMPT RECORD
        #* below only allows connections from 192.168.2.4 and localhost
        #* this affects all services mentioned below, here pop3
        only_from       = 192.168.2.4 localhost
        instances       = 2
#
# The specification of an interface is interesting, if we are on a firewall.
# For example, if you only want to provide services from an internal
# network interface, you may specify your internal interfaces IP-Address.
#
#       interface       = 192.168.2.1
#
}
##
## Now the definitions of the different services
##
##
service pop3
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/ipop3d
}
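The inheritance described in the message above, where only_from in the defaults entry applies to the pop3 service, modelled as an added example that is not part of the original thread and is not xinetd's own code. Assumptions: SAMPLE_CONF is a constructed reduction of the file above, "localhost" is mapped statically to 127.0.0.1 (xinetd resolves names itself), only_from entries are plain addresses or CIDR networks, only the plain "=" operator is handled, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample: the defaults and pop3 entries from the message above,
# reduced to the attributes that matter for client-address filtering.
SAMPLE_CONF = """\
defaults
{
    only_from = 192.168.2.4 localhost
    instances = 2
}
service pop3
{
    socket_type = stream
    server      = /usr/sbin/ipop3d
}
"""

HOSTS = {"localhost": "127.0.0.1"}  # assumption: static name mapping

def parse(conf):
    """Return {entry: {attribute: [values]}} for 'defaults' and each service."""
    sections, current, pending = {}, None, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line == "{":
            current = sections.setdefault(pending, {})
        elif line == "}":
            current = None
        elif current is None:
            pending = line.split()[-1]        # "service pop3" -> "pop3"
        else:
            key, _, val = line.partition("=")
            current[key.strip()] = val.split()
    return sections

def effective_only_from(sections, service):
    """Inherit only_from from defaults when the service sets none itself.
    Assumption: a service's own only_from, if present, is used instead."""
    own = sections[service].get("only_from")
    return own if own is not None else sections.get("defaults", {}).get("only_from")

def allowed(sections, service, client):
    """True if the client address passes the service's effective only_from."""
    rules = effective_only_from(sections, service)
    if rules is None:                         # no only_from anywhere: unrestricted
        return True
    ip = ipaddress.ip_address(client)
    return any(ip in ipaddress.ip_network(HOSTS.get(r, r), strict=False)
               for r in rules)
```

Calling allowed(parse(SAMPLE_CONF), "pop3", "192.168.2.5") shows a neighbouring client being refused even though the pop3 entry itself contains no address restriction.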