Subject: Portsentry, ipf, and tcpwrappers
To: NetBSD-Mac68K List <port-mac68k@netbsd.org>
From: Daniel Parks <danielp@reed.edu>
List: port-mac68k
Date: 02/10/2001 12:07:08
I just compiled portsentry from pkgsrc, and have been trying to get 
it to run. I haven't tried it with tcpwrappers yet, as I didn't 
realize that it was built in to inetd.

I tried to set it up to use ipf:
KILL_ROUTE="/bin/echo block in quick on ae1 from $TARGET$/32 to any | /sbin/ipf -f -"

Which is the only way I could think of to do it, though there may be 
an option in ipf that I don't know about so that you can specify the 
rule on the command line. (Is $TARGET$/32 correct? I always get mixed 
up when I use the IP/mask form.)

I started portsentry:

root ~$ portsentry -tcp
root ~$ portsentry -udp
root ~$ cat /var/log/messages | egrep "^Feb 10 11:.*portsentry"
Feb 10 11:34:01 mwdesign portsentry[18730]: adminalert: Psionic PortSentry 1.0 is starting.
Feb 10 11:34:01 mwdesign portsentry[18731]: adminalert: Going into listen mode on TCP port: 1
<snip>
Feb 10 11:34:01 mwdesign portsentry[18731]: adminalert: PortSentry is now active and listening.
Feb 10 11:34:05 mwdesign portsentry[18732]: adminalert: Psionic PortSentry 1.0 is starting.
Feb 10 11:34:05 mwdesign portsentry[18733]: adminalert: Going into listen mode on UDP port: 1
<snip>
Feb 10 11:34:05 mwdesign portsentry[18733]: adminalert: PortSentry is now active and listening.

How do I go about testing it? Can I just telnet to each port from, 
say, 1 to 22 in succession and see if it notices? (Below 22 it only 
monitors 1 and 15, so I guess those are all I'd need to hit.)

One other question: I'm not sure I understand what the difference 
between tcpwrappers and ipf is. Other than differences in interface 
and specificity, they seem pretty similar. (By specificity, I mean 
that in ipf I can specify if it's on ae0 or ae1, etc.) So, do they 
actually do different things, or is it redundant to set up a 
hosts.deny/allow file (is it the new version that allows the : 
DENY/ALLOW syntax?)?

Thanks for your help,
Daniel
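As an added example, not part of Daniel's message or of the portsentry package: a small POSIX sh helper that builds the same ipf rule the KILL_ROUTE above pipes into `ipf -f -`, but validates the address first so a malformed value never reaches the filter; the /32 mask does mean exactly one host. The function name `ipf_block_rule` and the `ae1` default interface are assumptions.

```shell
#!/bin/sh
# Constructed example: build the single-host ipf block rule that a
# PortSentry KILL_ROUTE would feed to "/sbin/ipf -f -", after checking
# that the address is a plain IPv4 dotted quad (so /32 is correct).
#
# Usage in portsentry.conf would look like (path and interface assumed):
#   KILL_ROUTE="/path/to/this.sh $TARGET$ ae1 | /sbin/ipf -f -"

# ipf_block_rule ADDR [IFACE]
# Prints "block in quick on IFACE from ADDR/32 to any" and returns 0.
# Prints nothing and returns 1 if ADDR is not a valid dotted quad.
ipf_block_rule() {
    addr=$1
    iface=${2:-ae1}

    # Reject anything but digits and dots, and any empty octet
    # (leading dot, trailing dot, or two dots in a row).
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac

    # Split on dots: require exactly four octets, each 0-255.
    n=0
    oldifs=$IFS
    IFS=.
    for octet in $addr; do
        n=$((n + 1))
        if [ "$octet" -gt 255 ]; then
            IFS=$oldifs
            return 1
        fi
    done
    IFS=$oldifs
    [ "$n" -eq 4 ] || return 1

    printf 'block in quick on %s from %s/32 to any\n' "$iface" "$addr"
}

# Stand-alone demonstration with a constructed documentation address.
ipf_block_rule 192.0.2.10 ae1
```

Piping the output into `ipf -f -` (or `ipf -n -f -` to preview without loading) is left to the caller, as in the original KILL_ROUTE.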