On Thu, Oct 18, 2012 at 08:26:16PM +0100, Whiskers wrote:
> On Thu, 18 Oct 2012 00:03:57 +0200 Thomas Bächler <thomas@xxxxxxxxxxxxx>
> wrote:
>
> >On 17.10.2012 21:29, Whiskers wrote:
> >> Rather than install tcp-wrappers on my Arch system, I'd like to use
> >> whatever the proper "server" is nowadays instead of /usr/sbin/tcpd - but
> >> what is it?
> >
> >Why would you replace tcpd with anything? Does it serve any purpose at
> >all?
>
> Thanks for responding.
>
> On a system with tcp-wrappers, tcpd is the "server" which launches
> leafnode. From man leafnode:
>
> [...]
>
> The leafnode program itself is the NNTP server. It is run from
> /etc/inetd.conf when someone wants to read news. The other parts of
> the package, fetchnews and texpire, are responsible for fetching new
> news from another server, and for deleting old news.
>
> [...]
>
> No network-level access control is supported. This is a deliberate
> omission: Implementing this is a job which should not be redone for
> each and every service.
>
> I recommend that either firewalling or tcpd be used for access control.
>
> [...]
>
> Xinetd is the 'new improved' inetd, and the xinetd setup recommended in
> the Leafnode tarball's README has tcpd as the "server" and leafnode as
> the "server argument", as in the /etc/xinetd.d/nntp file previously quoted.
> This of course doesn't work on my Arch system, as tcp-wrappers (and thus,
> tcpd) is missing.

It's quite simple. Get rid of tcpd as the "server". It's just a wrapper
that launches an arbitrary process which doesn't link to libwrap.so so
that tcp-wrappers can be used for ACLs. It isn't a requirement -- it's a
recommendation.

> So I'm trying to work out how to get leafnode available on demand, without
> using tcp-wrappers and tcpd, but with ufw, and with the new systemd (I've
> uninstalled initscripts from my system).

Use inetd-style activation via systemd. See sshd@.service and sshd.socket
as an example. xinetd is redundant.

d
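
The inetd-style socket activation suggested in the reply above, sketched as a pair of systemd units. This is an added example, not part of the original message or of the leafnode package. The unit names, the /usr/sbin/leafnode path, the news account and the loopback listen address are assumptions.

```ini
# --- file: /etc/systemd/system/leafnode.socket (unit name is an assumption) ---
[Unit]
Description=Leafnode NNTP socket (per-connection activation)

[Socket]
# Bind to loopback only (assumption: a single-user, local news setup).
# With tcpd gone there is no hosts.allow ACL, so the listen address and
# the firewall are the only network-level access control left.
# Widen this only together with a matching ufw rule.
ListenStream=127.0.0.1:119
# Accept=yes is the inetd "nowait" model: systemd accepts each
# connection and starts one leafnode@.service instance for it.
Accept=yes

[Install]
WantedBy=sockets.target

# --- file: /etc/systemd/system/leafnode@.service (unit name is an assumption) ---
[Unit]
Description=Leafnode NNTP server (per-connection instance)

[Service]
# Binary path and account are assumptions; match them to your package.
# leafnode is started directly here, where the xinetd file started tcpd
# with leafnode as its argument.
# The leading "-" keeps a non-zero exit of one session from being
# recorded as a unit failure.
ExecStart=-/usr/sbin/leafnode
User=news
# Hand the accepted connection to leafnode as stdin/stdout, as inetd did.
StandardInput=socket
StandardError=journal
```

Enable and start leafnode.socket rather than the service template; systemd spawns a service instance for each incoming connection.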