---

tcp_wrappers-7.6: description + notes

---

The tcpd program can be set up to monitor incoming requests for telnet, finger, ftp, exec, rsh, rlogin, tftp, talk, comsat and other services that have a one-to-one mapping onto executable files.

Operation is as follows: whenever a request for service arrives, the inetd daemon is tricked into running the tcpd program instead of the normal server. tcpd logs the request and does some additional checks. When all is well, tcpd runs the appropriate server program and goes away.

Optional features include pattern-based access control, client username lookups with the RFC 931 protocol, protection against hosts that pretend to have someone else's host name, and protection against hosts that pretend to have someone else's network address.

Utilities (tcpdchk and tcpdmatch) are included to aid writing of /etc/hosts.allow and /etc/hosts.deny files. tcpdmatch does not understand '?' syntax in /etc/inet.conf, so it may generate spurious warnings noting that optional servers were not found.

Note: See /usr/freeware/doc/tcp_wrappers/README for known limitations.

Note: Installing this package does not automatically wrap any daemons. These binaries are compiled for "easy" installation, as described by EXAMPLE 1 in "man tcpd". The real server programs should be moved into a newly created directory named /usr/etc/... (that's three dots -- really!), and replaced by copies of tcpd. While this makes installation easier, it makes upgrading your operating system slightly harder, as the wrappers may need to be re-installed afterwards. Support for the extended access control language described by "man hosts_options" is enabled.

---

NOTE: Developers intending to use this distribution of libwrap for application development should be sure to read the information below. Users installing libwrap for the runtime environment only need not read any further.

---

Developers intending to use this library for development of other freeware packages or their own software applications will need to be familiar with a few peculiarities due to the way that this library is packaged and installed. The reasons for this installation strategy are described further in the fw_common product release notes.

The header files and libraries in this package are installed into /usr/freeware. This means that when building software using this distribution of libwrap you should be sure to do the following:

• Include the following flag on your compile lines:
  

  -I/usr/freeware/include
  

  This flag will cause your compilations to correctly find the library's header files at compile time.

• Include the following flag on your link lines:
  

  -L/usr/freeware/lib   (if using o32 ABI)
  -L/usr/freeware/lib32 (if using n32 ABI)
  -L/usr/freeware/lib64 (if using 64 ABI)
  

  This flag will cause the linker to correctly find the library's archive or shared object files at link time.

• Additionally, include the following flag on your link lines:
  

  -rpath /usr/freeware/lib   (if using o32 ABI)
  -rpath /usr/freeware/lib32 (if using n32 ABI)
  -rpath /usr/freeware/lib64 (if using 64 ABI)
  

  This flag will allow the binary to locate the shared object library files when the application is run. This is required since the shared objects are stored in these /usr/freeware subdirectories which are not searched by the run-time linker by default.

• Finally, if you are building an installable package for inst (contributing to freeware, for example) be sure to make your package depend upon this package. Add the following line to your spec file:

  prereq ( fw_tcp_wrappers.sw.lib 1230000000 1239999900 )
  

Following these guidelines will allow your application to safely and easily use the software in this package.

---

To auto-install this package, go back and click on the respective install icon.

---