Subject: Re: hosts.deny has no effect for ntalkd
To: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
From: Greg A. Woods <woods@weird.com>
List: tech-net
Date: 11/07/2002 13:01:57
[ On Thursday, November 7, 2002 at 09:18:03 (+0100), Pavel Cahyna wrote: ]
> Subject: Re: hosts.deny has no effect for ntalkd
>
> > The integrated TCP Wrappers support in inetd is only for TCP services
> > (and only for "external" TCP services too unless you recompile inetd
> > with -DLIBWRAP_INTERNAL).  UDP services are not protected (or logged
> > with '-l').  "wait" services aren't even wrapped as far as I can tell.
> 
> Thanks for the clarification. Shouldn't tcpd be provided until this gets
> implemented in inetd? Or at least, please mention this in inetd(8) and

See my PR#18955.  :-)

(I don't think providing "tcpd" is of any use on NetBSD -- it would be a
lot of work to bring it up to par.)

I think it would be "safe" to use libwrap in (at least my version of)
inetd to control UDP servers, however I haven't tried this yet.

One big problem that is sort of related to this issue is that the
libwrap code itself has a poor API that really wasn't properly thought
out as a facility for other daemons to use and a lot of the work that
has to be done in the daemon itself for logging or whatever is redone in
libwrap.  I've often thought of redesigning that API, but I'm not sure
what the benefit would be outside my own code.

> hosts_access(5). Should I send a PR about a documentation bug?

There is mention there that tcpd is not offered, and that note includes
a cross reference to inetd(8).  However nothing other than the
implication given in the name "TCP Wrappers" says that UDP services can
not yet be protected by inetd.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
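
The coverage rules described in the message above, applied as a small audit of an inetd.conf file. This is an added example, not part of the original post and not NetBSD code; the sample entries are constructed and the function names `classify` and `audit` are hypothetical. It assumes the rules exactly as the message states them (TCP only, external servers only, "wait" services not wrapped).

```python
# Added example: which inetd.conf entries would inetd's built-in libwrap
# check cover, under the rules stated in the message above (assumed as-is)?

# Constructed sample in inetd.conf format (not taken from any real host).
SAMPLE_INETD_CONF = """\
# service socktype proto wait       user       server               args
ftp       stream   tcp   nowait     root       /usr/libexec/ftpd    ftpd -ll
ntalk     dgram    udp   wait       nobody:tty /usr/libexec/ntalkd  ntalkd
daytime   stream   tcp   nowait     nobody     internal
tftp      dgram    udp   wait       root       /usr/libexec/tftpd   tftpd -l
ident     stream   tcp   nowait:100 nobody     /usr/libexec/identd  identd
"""


def classify(line):
    """Return (service, covered, reason), or None for comments and non-entries."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 6:
        return None
    service, _socktype, proto, wait, _user, server = fields[:6]
    # Drop comma-separated options and an "rpc/" prefix from the protocol.
    proto = proto.split(",")[0].split("/")[-1].lower()
    # Drop a max-rate suffix such as "nowait:100" or "nowait.100".
    wait = wait.replace(".", ":").split(":")[0].lower()
    if not proto.startswith("tcp"):
        return service, False, "not TCP: hosts.allow/hosts.deny not consulted"
    if wait == "wait":
        return service, False, "'wait' service: not wrapped"
    if server == "internal":
        return service, False, "internal service: needs -DLIBWRAP_INTERNAL"
    return service, True, "external TCP nowait service: wrapped"


def audit(conf_text):
    """Classify every entry in the text of an inetd.conf file."""
    results = (classify(line) for line in conf_text.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for service, covered, reason in audit(SAMPLE_INETD_CONF):
        status = "covered    " if covered else "NOT covered"
        print(f"{status} {service:8} {reason}")
```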