Hi
I have a couple of daemons that listen on ssl sockets using IO::Socket::SSL. So they do their own listening and don't use (x)inetd. For this reason, they don't automatically inherit the benefits of tcpwrappers. I could do some filtering of my own fairly easily, but I wanted the transparency of doing it through hosts.deny and hosts.allow
I've read the page on Net::TCPwrappers and tried various things, most of which cause no errors, but none of which actually return a negative response from the call to hosts_access.
I suspect that the difficulty I am having is related to my lack of familiarity with the underlying TCPwrappers library and also trouble with marrying up the values from IO::Socket::SSL with the ones required by Net::TCPwrappers. For what it's worth, this is the code that currently isn't working:
my $sock; print "Starting to listen on $setup{CAPSportS}\n"; if(!($sock = IO::Socket::SSL->new( Listen => 5, LocalAddr => $setup{MYaddr}, LocalPort => $setup{CAPSportS}, Proto => 'tcp', SSL_verify_mode => 0x01, SSL_cert_file => 'certs/capscert.pe +m', SSL_key_file => 'certs/capspk.pem' +, SSL_ca_file => 'certs/cacert.pem', Reuse => 1, )) ) { print "unable to create socket: ", &IO::Socket::SSL::errstr, "\ +n"; exit(0); } MAIN_LOOP: while ( $TRUE ) { $nn = ''; my $s; if ( ( $s = $sock->accept() ) ) { # check TCPWrappers to find out if we want to look at this my $req = request_init(RQ_DAEMON, $setup{CAPSport}, RQ_FILE, $ +sock->fileno()); # I've tried supplying the progname instead of the # port there if ( ! defined($req) ) { die "Bad call to request_init\n"; } fromhost($req); if ( hosts_access($req) ) { handle_one($s); }else { close($s); }
Looking around the interwebs I get the distinct feeling that I'm the only person standing in this particular room. Has anyone got some working perl that uses TCPwrappers that they could show me??
In reply to Using TCPwrappers by mungohill
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |