tcp_wrappers for Debian ----------------------- Extensions: ----------- There are a number of Debian specific changes to TCP wrappers: * libwrap.so.0 is available for dynamic linking. * You can blacklist a whole bunch of hosts at once by specifying a file that contains a list of those hosts instead of just naming a host. See the hosts_access(5) manpage. * You can allow or disallow access to a service depending on the exit status of a program. See the hosts_access(5) manpage. * CIDR support in hosts_access(5) functions. * %r and %R parameters in hosts_access(5) functions. * Servers can be matched by port number other than by process name. * IPv6 support. Library versioning: ------------------- TCP wrappers isn't distributed as a shared library upstream, so the versioning scheme used for TCP wrappers may not match Linux's library versioning scheme. Hence, libwrap has a soname of libwrap0 (version 7.6), instead of libwrap7 (version 6). Build options: -------------- STYLE = "-DPROCESS_OPTIONS -DACLEXEC" Debian TCP Wrappers use the extended syntax for /etc/hosts.allow and /etc/hosts.deny. This particularly affects spawning other commands on connections, see the hosts_options(5) manpage for more details. FACILITY = LOG_DAEMON SEVERITY = LOG_INFO TCP Wrappers logs as daemon.info (rather than mail.info). BUGS = Linux has no bugs. :) VSYSLOG = libc6 has vsyslog built in. UMASK = -DDAEMON_UMASK=022 NETGROUP = -DNETGROUP RFC931_TIMEOUT = 10 ACCESS = -DHOSTS_ACCESS TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.al low\" KILL_OPT = -DKILL_IP_OPTIONS EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DHAVE_WEAKSYMS -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len" The options ALWAYS_RFC931, ALWAYS_HOSTNAME and PARANOID have not been enabled because these features can be enabled at runtime. The option APPEND_DOT is not enabled because of compatibility reasons.