tcp_wrappers for Debian
-----------------------
Extensions:
-----------
There are a number of Debian specific changes to TCP wrappers:
* libwrap.so.0 is available for dynamic linking.
* You can blacklist a whole bunch of hosts at once by specifying a
file that contains a list of those hosts instead of just naming
a host. See the hosts_access(5) manpage.
* You can allow or disallow access to a service depending on the
exit status of a program. See the hosts_access(5) manpage.
* CIDR support in hosts_access(5) functions.
* %r and %R parameters in hosts_access(5) functions.
* Servers can be matched by port number other than by process name.
* IPv6 support.
Library versioning:
-------------------
TCP wrappers isn't distributed as a shared library upstream, so the
versioning scheme used for TCP wrappers may not match Linux's library
versioning scheme. Hence, libwrap has a soname of libwrap0 (version 7.6),
instead of libwrap7 (version 6).
Build options:
--------------
STYLE = "-DPROCESS_OPTIONS -DACLEXEC"
Debian TCP Wrappers use the extended syntax for /etc/hosts.allow
and /etc/hosts.deny. This particularly affects spawning other
commands on connections, see the hosts_options(5) manpage for
more details.
FACILITY = LOG_DAEMON
SEVERITY = LOG_INFO
TCP Wrappers logs as daemon.info (rather than mail.info).
BUGS =
Linux has no bugs. :)
VSYSLOG =
libc6 has vsyslog built in.
UMASK = -DDAEMON_UMASK=022
NETGROUP = -DNETGROUP
RFC931_TIMEOUT = 10
ACCESS = -DHOSTS_ACCESS
TABLES = -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.al
low\"
KILL_OPT = -DKILL_IP_OPTIONS
EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DHAVE_STRERROR -DHAVE_WEAKSYMS -DINET6=1 -Dss_family=__ss_family -Dss_len=__ss_len"
The options ALWAYS_RFC931, ALWAYS_HOSTNAME and PARANOID have not been
enabled because these features can be enabled at runtime. The option
APPEND_DOT is not enabled because of compatibility reasons.
Generated by dwww version 1.15 on Thu Jun 27 16:32:49 CEST 2024.