freebsd-dev

d/freebsd-dev

Fork 0

Commit Graph

Author	SHA1	Message	Date
Yoshinobu Inoue	8053080cbc	Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it. Now when tcp_wrapper is enabled by inetd -wW, several accesses which should be permitted are refused only for IPv6, if hostname is used to decide the host to be allowed. IPv6 users will be just upset. About security related concern. -All extensions are wrapped by #ifdef INET6, so people can completely disable the extension by recompile libwrap without INET6 option. -Access via IPv6 is not enabled by default. People need to enable IPv6 access by changing /etc/inetd.conf at first, by adding tcp6 and/or tcp46 entries. -The base of patches are from KAME package and are actually daily used for more than a year in several Japanese IPv6 environments. -Patches are reviewed by markm. Approved by: jkh Submitted by: Hajimu UMEMOTO <ume@mahoroba.org> Reviewed by: markm Obtained from: KAME project	2000-02-03 10:27:03 +00:00
Sheldon Hearn	99abb2876d	Add the ``blacklist'' feature, which allows a path to a filename to be used as a valid pattern in the access control language. Patch obtained from ftp://ftp.porcupine.org/pub/security/ . Requested by: markm	1999-09-21 09:09:57 +00:00
Mark Murray	2aef693010	Clean import of TCP-wrappers by Wietse Venema. Rest of build to follow.	1999-03-14 17:13:19 +00:00

Author

SHA1

Message

Date

Yoshinobu Inoue

8053080cbc

Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it.

Now when tcp_wrapper is enabled by inetd -wW,
  several accesses which should be permitted are refused only for IPv6,
  if hostname is used to decide the host to be allowed.
  IPv6 users will be just upset.

  About security related concern.
    -All extensions are wrapped by #ifdef INET6, so people can completely
     disable the extension by recompile libwrap without INET6 option.
    -Access via IPv6 is not enabled by default.
     People need to enable IPv6 access by changing /etc/inetd.conf at first,
     by adding tcp6 and/or tcp46 entries.
    -The base of patches are from KAME package and are actually daily used
     for more than a year in several Japanese IPv6 environments.
    -Patches are reviewed by markm.

Approved by: jkh

Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: markm
Obtained from: KAME project

2000-02-03 10:27:03 +00:00

Sheldon Hearn

99abb2876d

Add the ``blacklist'' feature, which allows a path to a filename to

be used as a valid pattern in the access control language.

Patch obtained from ftp://ftp.porcupine.org/pub/security/ .

Requested by:	markm

1999-09-21 09:09:57 +00:00

Mark Murray

2aef693010

Clean import of TCP-wrappers by Wietse Venema.

Rest of build to follow.

1999-03-14 17:13:19 +00:00

3 Commits