On Fri, Feb 10, 2006 at 02:17:13AM +0900, Romain Lenglet wrote: > approx runs as a standalone demon, but does not allow to either filter > connections according to /etc/hosts.allow and /etc/hosts.deny files, nor > to bind to a specific address. > > Filtering according to hosts_access(5) files should be relatively easy, > by using the TCP wrapper library (package libwrap0). > Alternatively, making approx a passive program executed by tcpd (inetd) > or making it able to bind on one or more explicitly specified interfaces > would make it better from a security viewpoint.
Thanks, these are good suggestions. I'll look into this for the next version. Do you have any advice on which approach is better (more flexible for alternate inetd schemes, or more secure, or other criteria)? -- Eric Cooper e c c @ c m u . e d u -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
