tcp_wrappers provides host-based access restrictions on tcp services:
facilities for monitoring and filtering incoming requests for the SSHD,
SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other
network services.
The package provides a tiny daemon wrapper program that can be installed
without any changes to existing software or to existing configuration
files. The wrappers report the name of the client host and of the
requested service; the wrappers do not exchange information with the
client or server applications, and impose no overhead on the actual
conversation between the client and server applications.
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:
Changes in 7.6-4 since 7.6-2 (-3 unreleased)
* new maintainer
* Switch to cygport build tool
* incorporate debian patches -- see below
* build shared library
* split into multiple packages
!!!! ---- IMPORTANT ---- !!!!
END USERS: the new package is compiled WITHOUT -DPARANOID (which
enforces remote-host IP address and remote-host name agreement). This is
Debian policy, because the paranoid behavior can be enabled at runtime
(flexibility is good). This package will install a version of
/etc/hosts.allow that re-enables paranoid behavior -- but only if
/etc/hosts.allow doesn't exist.
If you are upgrading, then you will "lose" paranoid behavior. To
re-enable it, add the following line to /etc/hosts.allow:
ALL : PARANOID : DENY
(btw, paranoia is not /always/ a good thing, even in this context)
!!!! ---- IMPORTANT ---- !!!!
DEVELOPERS: see the note about STRONGSYMS, below.
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:
Incorporates the Debian extensions:
* cygwrap-0.dll and libwrap.dll.a are available for dynamic linking.
* You can blacklist a whole bunch of hosts at once by specifying a
file that contains a list of those hosts instead of just naming
a host. See the hosts_access(5) manpage.
* You can allow or disallow access to a service depending on the
exit status of a program. See the hosts_access(5) manpage.
* CIDR support in hosts_access(5) functions.
* %r and %R parameters in hosts_access(5) functions.
* Servers can be matched by port number other than by process name.
* IPv6 support: patches are applied, but support is NOT enabled.
Waiting on IPv6 support in cygwin.
* manpages for installed tools not provided by upstream source
Build options (that differ from previous releases)
--------------------------------------------------
STYLE = "-DPROCESS_OPTIONS -DACLEXEC"
Debian TCP Wrappers use the extended syntax for /etc/hosts.allow
and /etc/hosts.deny. This particularly affects spawning other
commands on connections, see the hosts_options(5) manpage for
more details.
FACILITY = LOG_DAEMON
SEVERITY = LOG_INFO
TCP Wrappers logs as daemon.info (rather than mail.info).
This is a change from earlier cygwin releases of tcp_wrappers.
VSYSLOG =
cygwin has vsyslog built in, since 1.5.6/2004Jan19
(patch applied 2003Sep29)
UMASK = -DDAEMON_UMASK=022
NETGROUP =
RFC931_TIMEOUT = 10
ACCESS = -DHOSTS_ACCESS
TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\"
-DHOSTS_ALLOW=\"/etc/hosts.allow\"
KILL_OPT = -DKILL_IP_OPTIONS
LIBS = -lresolv
As it turns out, this library is unecessary and does not
impose an additional runtime dependency. However, I left
it in as a build dependency for now.
EXTRA_CFLAGS = -DSYS_ERRLIST_DEFINED -Dsys_errlist=_sys_errlist
-Dsys_nerr=_sys_nerr -DHAVE_STRERROR -DHAVE_STRONGSYMS
STRONGSYMS: the cygwin versions of cygwrap-0.dll AND libwrap.a
(that is, both the DLL and static library) explicitly provide
int deny_severity
int allow_severity
symbols. This means that clients must NOT define their own
versions of these symbols, as is the practice on *nix systems.
Instead, clients should rely on the /declaration/ provided in
tcpd.h:
extern int deny_severity;
extern int allow_severity;
This may require code changes in clients that link against
libwrap, but it was a necessary API change to enable DLL
builds on cygwin.
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:
Enjoy!
--
Chuck
====================================================================
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
[EMAIL PROTECTED]
If you need more information on unsubscribing, start reading here:
http://sources.redhat.com/lists.html#unsubscribe-simple
Please read *all* of the information on unsubscribing that is available
starting at this URL.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
