Re: TCP Wrappers on Linux (RedHat 6.2)
On Wed, Aug 08, 2001 at 04:19:37PM -0400, Doyon, Jean-Francois wrote:
> I compiled with --enable-wrappers, and the configure did find tcpd.h OK ....
>
> But nothing seems to work right, no matter what I put in hosts.allow all
> connections are accepted!
> I switched the debugging to max (-1) and looked through the logs, but
> didn't see anything indicating whether it tried to call libwrap.a or
> anything like that. Everything seems to get accepted.

If you run with the -d command line option (where debugging output goes to
your terminal) you would have seen a message about the denial (if it were
denied, that is).

> I switched the debugging to max (-1) and looked through the logs, but didn't
> see anything indicating whether it tried to call libwrap.a or anything like
> that. Everything seems to get accepted.
>
> libwrap.a is in /usr/lib, so I don't think it's a problem of not finding it!

Since libwrap.a is a .a archive, and not a .so shared object, it should be
compiled into the openldap code, and locating it is not a problem.

$ strings slapd | grep hosts.allow
/etc/hosts.allow

slapd looks for service name 'slapd'. You might want to use the 'tcpdchk'
binary to verify that hosts.allow and hosts.deny are well-formed.

Another option might be using OS packet filter tools (Linux
iptables/ipchains, Unix ipfilter, etc.) instead of compiling against
libtcpd.a. I expect that using OS/kernel packet filtering might be more
efficient than libwrap, especially if you already have packet filtering code
loaded into your kernel.
-Peter
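
Added example (not part of the original message and not OpenLDAP or tcp_wrappers code): a simplified shell model of the hosts_access(5) lookup order for the 'slapd' service name mentioned above, showing which file decides a given client. The function names, sample addresses and temporary files are constructed for illustration.

```shell
# Added example: simplified hosts_access(5) lookup for one daemon and client IP.
# Client patterns handled: ALL, an exact IP, or a prefix ending in "." (192.168.1.).
# Not handled: EXCEPT, netmasks, hostnames, other wildcards, continuations.

# match_file FILE DAEMON CLIENT: status 0 if a rule in FILE matches.
# The body is a subshell so "set -f" and the variables stay local.
match_file() (
    set -f                                    # patterns must not glob
    [ -r "$1" ] || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop comments
        case $line in *:*) ;; *) continue ;; esac
        daemons=${line%%:*}
        clients=${line#*:}; clients=${clients%%:*}    # ignore option field
        d_ok=no; c_ok=no
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            case $d in ALL|"$2") d_ok=yes ;; esac
        done
        for c in $(printf '%s' "$clients" | tr ',' ' '); do
            case $c in
                ALL) c_ok=yes ;;
                *.)  case $3 in "$c"*) c_ok=yes ;; esac ;;
                *)   case $3 in "$c") c_ok=yes ;; esac ;;
            esac
        done
        [ "$d_ok$c_ok" = yesyes ] && exit 0
    done < "$1"
    exit 1
)

# wrappers_verdict DAEMON CLIENT ALLOW DENY: hosts.allow, then hosts.deny, else grant.
wrappers_verdict() {
    if match_file "$3" "$1" "$2"; then
        echo "allow (matched hosts.allow)"
    elif match_file "$4" "$1" "$2"; then
        echo "deny (matched hosts.deny)"
    else
        echo "allow (default: no rule matched)"
    fi
}

# Constructed sample: one allow rule for slapd and an initially empty hosts.deny.
dir=$(mktemp -d)
printf 'slapd: 192.168.1.\n' > "$dir/hosts.allow"
: > "$dir/hosts.deny"
wrappers_verdict slapd 10.9.8.7 "$dir/hosts.allow" "$dir/hosts.deny"
printf 'slapd: ALL\n' >> "$dir/hosts.deny"
wrappers_verdict slapd 10.9.8.7 "$dir/hosts.allow" "$dir/hosts.deny"
rm -rf "$dir"
```

On a real host, pass /etc/hosts.allow and /etc/hosts.deny as the two file arguments.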