From owner-FreeBSD-users-jp@jp.freebsd.org  Fri Sep 24 18:38:51 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id SAA62083;
	Fri, 24 Sep 1999 18:38:51 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from pixy.issp.u-tokyo.ac.jp (pixy.issp.u-tokyo.ac.jp [157.82.115.45])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id SAA62076
	for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 24 Sep 1999 18:38:50 +0900 (JST)
	(envelope-from ueta@pixy.issp.u-tokyo.ac.jp)
Received: (qmail 15749 invoked from network); 24 Sep 1999 09:43:20 -0000
Received: from localhost (127.0.0.1)
  by localhost with SMTP; 24 Sep 1999 09:43:20 -0000
To: FreeBSD-users-jp@jp.freebsd.org
Cc: ueta@pixy.issp.u-tokyo.ac.jp
In-Reply-To: Your message of "Fri, 24 Sep 1999 15:45:38 +0900"
	<492567F6.00241631.00@notes.kofujoho>
References: <492567F6.00241631.00@notes.kofujoho>
X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19990924184318Q.ueta@pixy.issp.u-tokyo.ac.jp>
Date: Fri, 24 Sep 1999 18:43:18 +0900
From: Ueta Masateru <ueta@pixy.issp.u-tokyo.ac.jp>
X-Dispatcher: imput version 980905(IM100)
Lines: 70
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: FreeBSD-users-jp 45947
Subject: [FreeBSD-users-jp 45947] Re: TCP Wrapper 7.6
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: ueta@pixy.issp.u-tokyo.ac.jp

$B$3$s$K$A$O?"ED$G$9!#(B
From: Kazumi_Moriya/kofujoho@kofujoho.co.jp
Subject: [FreeBSD-users-jp 45942] TCP Wrapper 7.6
Date: Fri, 24 Sep 1999 15:45:38 +0900
Message-ID: <492567F6.00241631.00@notes.kofujoho>
> FreeBSD 3.2-RELEASE $B$G(B TCP Wrapper 7.6 $B$r;HMQ$7$F$$$^$9!#(B

FreeBSD-3.2R $B$N(B inetd $B$O(B tcpwrapper $B$N5!G=$r<h$j9~$s$G$$$?$h$&$J5$$,$9(B
$B$k$N$G!"$"$i$?$a$F(B TCP wrapper 7.6 $B$rF3F~$9$kI,MW$,$"$k$N$+$J!D!"$H$$(B
$B$&5$$,$9$k$N$G$9$,!#(B

$B4WOC5YBj(B

> hosts.allow $B$r0J2<$N$h$&$K5-=R$7!"(Bother.other-domain.co.jp
> $B$+$i(B my-domain.co.jp $B$N%[%9%H$X(B telnet $B$r$+$1$k$HCF$+$l$F(B
> $B$7$^$$$^$9!#(B

$B$H$$$&$3$H$J$N$G$9$,!"(B
> hosts.allow $B$rJT=8$7$?:]$K$O!"(Binetd $B$r(B kill $B$7$F$+$i!"(B
> $B:FEY5/F0$7$F$$$^$9$,!"CF$+$l$F$7$^$$$^$9!#(B

$B$H$$$&5-=R$r8+$k8B$j(B
1. hosts.allow $B$^$?$O(B hosts.deny $B$NIT6q9g(B
2.$B$=$NB>$NLdBj(B($B$?$@$7!"(B TCP Wrapper $B<+BN$O@5>o$KF0:n$7$F$$$k(B)
$B$N2DG=@-$r9M$($k$N$,BEEv$=$&$G$9$M!#(B

$B$H$$$&$3$H$G;W$$$D$/$H$3$m$r!"$$$/$D$+Ns5s$7$F$$$-$^$9(B

1.TCP Wrapper $B$,F0:n$7$F$$$k5!3#$+$i!"(B
nslookup other.other-domain.co.jp
$B$H$7$F!"$-$A$s$H5!3#$NL>A0$,0z$1$F$$$^$9$+!)!#$3$l$,=PMh$F$$$J$$$H(B
> telnetd : other.other-domain.co.jp : allow
$B$K$O3:Ev$7$J$$$3$H$K$J$j$^$9!#$@$+$i!"<i20$5$s$,<!$N$h$&$K8f=q$-$K$J$i(B
$B$l$F$$$k9T(B
> ALL : ALL : deny
$B$K(B match $B$9$k$3$H$K$J$j$^$9!#$=$7$F!"(Baccess $B$O5qH]$5$l$k$3$H$K$J$j$^$9!#(B

2./etc/hosts.deny,allow $B$N=q$-J}$O$"$C$F$$$^$9$+!)(B
$B<j85$K$"$k!"(B/etc/hosts.deny $B$H$+$r8+$k$H(B
>ALL: ALL EXCEPT .hogehoge.org:
$B$H$$$&$h$&$J=q<0$G=q$+$l$F$$$k$N$G$9$,!D(B
#$BBh0l(B field $B$,!"(Bprogram ,$BBhFs(B field $B$,@\B3$rMW5a$7$F$-$?5!3#$NL>A0(B,$BBh(B
#$B;0(B field $B$,!"$"$k>r7o$rK~$7$?;~$K9T$J$o$l$k=hM}$NFbMF!"$K$J$j$^$9!#(B

> telnetd : other.other-domain.co.jp : allow

$B;dN.$N=q$-J}$G!"<i20$5$s$N8f=q$-$K$J$i$l$?Nc$r2r<a$9$k$H!D(B
$B!V(Btelnetd $B$N5/F0$r(B other.other-domain.co.jp $B$+$i0MMj$5$l$?$i(B allow $B$r(B
$B<B9T!W$9$k!"$H$$$&$h$&$K2r<a$G$-$k$N$G$9$,!"$3$l$G59$7$$$N$G$9$+!)(B

#$BK\Ev$O(B /etc/hosts.allow $B$H$+$N5-=RJ}K!$r!"J88%$H$+$+$i0zMQ$9$l$PNI$$(B
#$B$N$G$7$g$&$,<j85$K;qNA$,L5$$$N$G!"Q(1[$J$,$i;d$N<j85$NNc$r0z$+$;$F$$(B
#$B$?$@$-$^$7$?(B

$BL^O@!"$3$NItJ,$NJ8K!$H$+JQ$o$C$F$$$k2DG=@-$bBg$J$N$G!"$-$A$s$H$7$?=q(B
$B@R$J$I$G$43NG'2<$5$$(B

$B$H$j$"$($:$O2?$,5/$-$F$$$k$N$+$rCN$k$3$H$,2r7h$N$?$a$NBg$-$J0lJb$K$J$k(B
$B$H;W$$$^$9!#$H$$$&$3$H$G!"$=$N$?$a$K(B
1.tcpdchk $B$r;H$C$F(B /etc/hosts.allow $B$H(B /etc/hosts.deny $B$K8m$j$,L5$$$3(B
$B$H$rD4$Y$k(B
2.tcpdmatch $B$r;H$C$F(B telnetd $B$KBP$7$F!"(Bother.other-company.co.jp $B$+$i(B
$B$N@\B3$,$I$N$h$&$K=hM}$5$l$k$+$rD4$Y$k(B
3.syslog $B$H$+$r8+$F!"$I$N$h$&$J$3$H$,5/$-$F$$$k$N$+$rD4$Y$k(B

$B$H$$$&$N$,59$7$$$N$G$O$J$$$G$7$g$&$+!D(B

$B$G$O$G$O(B
----
$B?"ED(B $B@551(B(ueta@pixy.issp.u-tokyo.ac.jp)
