[leafnode-list] Re: xinetd on centos 7 install
Matěj Cepl
mcepl at cepl.eu
Fri Jul 17 23:33:53 CEST 2015
On 2015-07-17, 18:07 GMT, Matěj Cepl wrote:
> That’s a great question. I have no idea about the answer though.
I have asked on #systemd on FreeNode and this is what I got:
mcepl: Hi, I have switched my leafnode2 installation from
xinetd to systemd for port-activated service) and now
I wonder about how to make systemd recognize and follow
/etc/hosts.{deny,allow}. That doesn't work right? Are
there any other ACLs for systemd-run services?
grawity: there's iptables/nftables
zdzichu: tcpwrappes support was removed some time ago
dreisner: ...thankfully
grawity: alternatively, use "ExecStart=@/usr/bin/tcpd
/usr/bin/leafnode2", like in the early days of
tcpwrappers
zdzichu: grawity: '@'?
grawity: argv[0]
grawity: like in traditional inetd.conf you'd specify the
executable and argv[0] separately
grawity: so IIRC tcpd made use of that
mcepl: grawity: thanks ... that seems like a bit missing
part of systemd to me, but thanks for the workaround.
grawity: it's intentionally missing, yes
***mcepl will rather shut up
I have later emphasized that I don’t necessarily fight for
tcpwrappers themselves (somebody noticed that even OpenSSH
doesn’t support it anymore), but I’ve got no reply on that.
I think there is a point in the notice about iptables/nftables.
I don’t think I will put the above line into Fedora/RHEL
leafnode packages.
Best,
Matěj
--
http://www.ceplovi.cz/matej/, Jabber: mcepl at ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC
Roses are red;
Violets are blue.
I'm schizophrenic,
And so am I.
More information about the leafnode-list
mailing list