tcpwrappers (V7.6+IPv6) (Under construction)


AIX

Compilation (3.2)

Adjust the Makefile so that the AIX definitions become active. Note that AIX 3.2 only supports IPv4, thus disable the IPV6 definition. Then:
make clean
make
             # for installation in some temporary directory:
mkdir -p /tmp/tcp_wrappers-7.6/bin
mkdir -p /tmp/tcp_wrappers-7.6/man/man3
mkdir -p /tmp/tcp_wrappers-7.6/man/man5
mkdir -p /tmp/tcp_wrappers-7.6/man/man8
cp tcpd tcpdchk tcpdmatch safe_finger try-from /tmp/tcp_wrappers-7.6/bin
cp tcpd.8 tcpdchk.8 tcpdmatch.8 /tmp/tcp_wrappers-7.6/man/man8
cp hosts_access.5               /tmp/tcp_wrappers-7.6/man/man5
cp hosts_access.3               /tmp/tcp_wrappers-7.6/man/man3

Compilation (4.x)

  1. Unpack the sources, e.g.:
    gunzip -c tcp_wrappers_7.6-ipv6.1.tar.gz | tar xvf -
    cd tcp_wrappers_7.6-ipv6.1
    
  2. adjust the Makefile for IPv6
  3. compile (executables: tcpd, safe_finger, tcpdchk, tcpdmatch, try-from)
  4. rename all the executables eg. tcpd to tcpd6
  5. adjust the Makefile for IPv4
  6. compile (executables: tcpd, safe_finger, tcpdchk, tcpdmatch, try-from)
  7. rename all the executables eg. tcpd to tcpd4
  8. copy tcpd6, safe_finger6, tcpdchk6, tcpdmatch6, try-from6 and the IPv4-versions to /local/bin
  9. create links in /local/bin eg tcpd -> tcpd4 (at the moment the IPv4 executables are default for command line calls)
  10. edit /etc/inetd.conf:
    The third column shows whether IPv6 or IPv4 is used for a service. tcp or udp means IPv4 is used. tcp6 or udp6 means IPv6 is used. Insert the tcp-wrapper daemon for the IP-version used in the 6-th column, eg:
    ftp  stream  tcp6  nowait  root  /local/bin/tcpd6  ftpd
  11. to start immediately: refresh -s inetd
these are the commands:
gzip -dc tcp_wrappers_7.6-ipv6.1.tar.gz | tar xf -
cd tcp_wrappers_7.6-ipv6.1
EDIT the Makefile.aix6 for IPv6
ln -fs Makefile.aix6 Makefile
make aix
mv safe_finger safe_finger6
mv tcpd tcpd6
mv tcpdchk tcpdchk6
mv tcpdmatch tcpdmatch6
mv try-from try-from6
mv libwrap.a libwrap6.a
cp tcpd.h /local/include
cp libwrap6.a /local/lib
cp safe_finger6 /local/bin
cp tcpd6 /local/bin
cp tcpdchk6 /local/bin
cp tcpdmatch6 /local/bin
cp try-from6 /local/bin
EDIT Makefile.aix4 for IPv4
ln -fs Makefile.aix4 Makefile
make aix
mv libwrap.a libwrap4.a
mv safe_finger safe_finger4
mv tcpd tcpd4
mv tcpdchk tcpdchk4
mv tcpdmatch tcpdmatch4
mv try-from try-from4
cp libwrap4.a /local/lib
cp safe_finger4 /local/bin
cp tcpd4 /local/bin
cp tcpdchk4 /local/bin
cp tcpdmatch4 /local/bin
cp try-from4 /local/bin
make clean
cd /local/lib
ln -fs libwrap4.a libwrap.a
ln -fs safe_finger4 safe_finger
ln -fs tcpd4 tcpd
ln -fs tcpdchk4 tcpdchk
ln -fs tcpdmatch4 tcpdmatch
ln -fs try-from4 try-from
cd /local/src

HP-UX

9.x

10.x/11.x

HP version installs into /usr/local :-(

Ultrix 4.5

Compilation

  1. Unpack the sources, e.g.:
    gunzip -c tcp_wrappers_7.6-ipv6.1.tar.gz | tar xvf -
    cd tcp_wrappers_7.6-ipv6.1
    
  2. in the Makefile disable IPv6 (not supported by Ultrix):
    # IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
    
    then
    make ultrix
    

Configuration

tcpwrappers uses two files to deny / allow access. If a connection is refused with
ssh_exchange_identification: Connection closed by remote host (/etc/hosts.allow)
these files have to be adapted as follows (example):
  1. By default, all access is denied in /etc/hosts.deny
    ALL : ALL : severity auth.info
    
  2. Some access may be allowed in /etc/hosts.allow
    ALL: LOCAL
    ALL: .gsi.de
    
    corresponding to all host names w/o a dot or within the specified domain.

Last update: 12-Jul-2011, M.Kraemer E.Rietzel@gsi.de