[Eug-lug] Wrapping for Access Control

Jeff_W beaker at freeshell.org
Fri Jan 21 23:06:13 PST 2005


larry price <laprice at gmail.com> wrote:

> What are you telling PyGopherd to listen to?

Here are the pertinent lines from /etc/services & /etc/inetd.conf:

% grep -h py /etc/inetd.conf /etc/services
# added for TCP Wrappers control of pygopherd - beaker: 1/20/2005
pygopherd  stream  tcp   nowait  root   /usr/pkg/bin/pygopherd  pygopherd

# added for TCP Wrappers control of pygopherd - beaker: 1/20/2005
pygopherd       7070/tcp                # PYGopherd server

*The server defaults to a chrooted /var/gopher directory and
runs as user:group "gopher:gopher" - a non-existent user w/ no login.


I should mention that when I use the tcpdchk & tcpdmatch tools
everything appears to work (allow LAN hosts; deny outsiders):

beaker at bsdbox: [25] tcpdmatch pygopherd lan_host
tcpdmatch pygopherd lan_host
warning: lan_host: hostname nor servname provided, or not known
client:   hostname lan_host
client:   address  192.168.2.5
server:   process  pygopherd
matched:  /etc/hosts.allow line 10
access:   granted

beaker at bsdbox: [26] tcpdmatch pygopherd euglug.org
tcpdmatch pygopherd euglug.org
warning: euglug.org: hostname nor servname provided, or not known
client:   hostname euglug.org
client:   address  207.189.131.194
server:   process  pygopherd
matched:  /etc/hosts.deny line 8
option:   twist echo "Sorry - no access for you"
access:   delegated


I noticed that the "stock" TCP Wrappers is available in the
NetBSD pkgsrc tree; maybe I should install that and try again...


> You could tell it to listen on a unix socket and have inetd pass the
> connection that way.

How would I do this?

-Jeff
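
An added example (not part of the original post, and not libwrap's own code) that mimics the lookup order behind the tcpdmatch output above: hosts.allow is searched first, then hosts.deny, and a matching `twist` option is reported as "delegated". The rule files are constructed, since the post does not show the real /etc/hosts.allow and /etc/hosts.deny; only ALL, address-prefix, domain-suffix and exact patterns are handled.

```python
# Simplified hosts_access(5) evaluation for illustration; not libwrap itself.
# Constructed rule files: the post does not show its real rules or line numbers.
HOSTS_ALLOW = "# constructed sample\npygopherd: 192.168.2.\n"
HOSTS_DENY = '# constructed sample\nALL: ALL: twist echo "Sorry - no access for you"\n'


def _match_client(pattern, hostname, address):
    """Match one client pattern against a hostname/address pair."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # address prefix, e.g. 192.168.2.
        return address.startswith(pattern)
    if pattern.startswith("."):          # domain suffix, e.g. .example.org
        return hostname.lower().endswith(pattern.lower())
    return pattern.lower() in (hostname.lower(), address)


def _first_match(text, daemon, hostname, address):
    """Return (line_number, option) of the first matching rule, else None."""
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if any(_match_client(c, hostname, address) for c in clients):
            return lineno, (fields[2] if len(fields) > 2 else "")
    return None


def check(daemon, hostname, address):
    """Search hosts.allow, then hosts.deny; no match in either means granted."""
    hit = _first_match(HOSTS_ALLOW, daemon, hostname, address)
    if hit:
        return "granted", "hosts.allow", hit[0]
    hit = _first_match(HOSTS_DENY, daemon, hostname, address)
    if hit:
        verdict = "delegated" if hit[1].startswith("twist") else "denied"
        return verdict, "hosts.deny", hit[0]
    return "granted", None, None
```

Like tcpdmatch, this only predicts what the access files say; it does not show whether the running daemon is actually started through the wrapper.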

