Changes to hosts.allow do not affect inetd daemons sometimes
Matthew Seaman
m.seaman at infracaninophile.co.uk
Mon Jun 2 00:21:34 PDT 2003

On Mon, Jun 02, 2003 at 05:26:15AM +0200, Alexander wrote:
> Hello !
>
> Sometimes when I change my /etc/hosts.allow and kill and start again
> inetd, there is no difference. It's like I haven't edited
> /etc/hosts.allow. If I continue making changes and stop/start inetd there
> is no effect on the inetd daemons; they allow or deny as if
> /etc/hosts.allow hasn't been modified since inetd was first started after the
> system bootstrapped.
> So what I do now is edit /etc/hosts.allow and then reboot. (Pretty ugly)
> But I noticed that this happens only to the /etc/inetd.conf daemons.
> Standalone daemons like sshd haven't got such a problem; the changes occur
> immediately.

You don't need to restart inetd(8) when you edit /etc/hosts.allow.
TCP wrappers will immediately pick up any changes to that file and
apply them to all subsequent processes connecting to a wrapped
service.

You are probably seeing the effect of persistent connections: either
connections that are still ongoing or processes spawned by inetd
marked as 'wait', which take over the socket and can accept new
connections if they happen to be running already. Since the TCP
wrappers function is provided by inetd, it can only be applied at the
point that incoming network traffic causes inetd to start up the
wrapped process. Generally processes managed by inetd are fairly
short-lived but there are occasional exceptions: nmbd from the samba
suite always seems to start up one time and then run continuously for
ever after.

Note that long-running services with the TCP wrappers functionality
compiled into them (sendmail, sshd etc.) will pick up changes to
hosts.allow instantaneously. Of course, samba software is itself
generally linked against TCP wrappers in exactly this manner.

Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
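
The reply above says that inetd applies hosts.allow only at the moment it starts a server, and that a server marked 'wait' keeps the socket while it runs. The following POSIX sh script is an added example, not part of the original message, that lists the 'wait' services whose server is already running. The sample inetd.conf and process list are constructed, the function names are hypothetical, and matching by command name is an assumption.

```shell
#!/bin/sh
# Find inetd 'wait' services whose server is already running. Such a server
# owns the listening socket, so inetd (and its hosts.allow check) is not
# involved in new connections until the server exits.

sample_inetd_conf() {   # constructed sample, not from the original post
cat <<'EOF'
ftp        stream tcp nowait/10 root   /usr/libexec/ftpd    ftpd -l
netbios-ns dgram  udp wait      root   /usr/local/sbin/nmbd nmbd
tftp       dgram  udp wait      nobody /usr/libexec/tftpd   tftpd /tftpboot
#telnet    stream tcp nowait    root   /usr/libexec/telnetd telnetd
daytime    dgram  udp wait      root   internal
EOF
}

sample_ps_comm() {      # constructed, shaped like `ps -axo comm` output
cat <<'EOF'
COMMAND
inetd
nmbd
sshd
EOF
}

# Print "service program" for each external server configured as 'wait'.
wait_services() {       # $1 = inetd.conf path
    awk '
        /^[ \t]*#/ { next }                    # comment line
        NF >= 6 {                              # blank/short lines fall through
            mode = $4; sub(/\/.*/, "", mode)   # drop any /max-child suffix
            if (mode == "wait" && $6 != "internal") print $1, $6
        }' "$1"
}

# Print 'wait' services whose server name appears in a process list.
# Name matching is a heuristic: it also matches a copy started outside inetd.
held_sockets() {        # $1 = inetd.conf path, $2 = file of command names
    wait_services "$1" | while read -r svc prog; do
        if grep -qx -- "${prog##*/}" "$2"; then echo "$svc"; fi
    done
}

tmp=$(mktemp -d)
sample_inetd_conf > "$tmp/inetd.conf"
sample_ps_comm    > "$tmp/ps.txt"
held_sockets "$tmp/inetd.conf" "$tmp/ps.txt"
rm -rf "$tmp"
```

On a live host the same functions can be pointed at /etc/inetd.conf and a file holding the output of `ps -axo comm`; any service listed has to exit or be restarted before a hosts.allow change reaches it through inetd.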