Subject: tcp-wrappers, tcpd, and NetBSD
To: None <current-users@NetBSD.ORG>
From: Tim Rightnour <TIM_R@cii.ciinet.com>
List: current-users
Date: 03/14/1997 12:58:04

I noticed that OpenBSD has decided to include tcpd in their 
distribution so that a wrapper can be easily installed.  I was 
wondering if we were planning anything like this for NetBSD.  If 
not, let me propose the following solution:

Modify the behavior of the individual daemons to do the reporting by 
themselves.  Have a global config file somewhat like an x-resource in 
the etc dir.  This file would be composed of entries like:

ftpd    permit blah     deny blah       logginglevel#   paranoid(bool)

or even better, following the x method:

ftpd:deny address,address,address,guy@address
telnet:permit address,guy@address
even allowing for stuff like *:deny guy@address

Then individual tcp wrapping could be easily managed, from a central 
point, integrated into the daemons so you don't have to run this weird 
kludge around all your daemons involving tcpd, and it would be very 
simple to set up.  If no /etc/wrappers exists, then wrapper 
functionality would be disabled, or you could disable individual 
daemons by simply not having an appearance for them in the file.

Comments?  Flames?  Welcome.. please, no bullets.




Tim Rightnour - timr@cii.ciinet.com
Communications Integrators Inc
(ph)602-491-1186 (fax)602-491-2195
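
The check a daemon could make against the colon-style file proposed above, as an added sketch that is not part of the original post and not NetBSD code. The names `wrappers_check`, `item_matches` and `eq`, the sample addresses, and the precedence rules (a deny match wins, a permit list is exhaustive, a malformed entry refuses the connection) are assumptions; the post only defines the entry syntax and that a missing file or missing entry disables wrapping.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample in the proposed syntax (documentation addresses). */
static const char SAMPLE[] =
    "ftpd:deny 192.0.2.10,192.0.2.11,mallory@198.51.100.7\n"
    "telnet:permit 192.0.2.20,alice@198.51.100.7\n"
    "*:deny eve@203.0.113.5\n";

static int eq(const char *p, size_t n, const char *s) {  /* n bytes at p spell s? */
    return strlen(s) == n && memcmp(p, s, n) == 0;
}

/* Does one list item ("host" or "user@host") match this client? */
static int item_matches(const char *it, size_t n, const char *user, const char *host) {
    const char *at = memchr(it, '@', n);
    if (at == NULL) return eq(it, n, host);
    return eq(it, (size_t)(at - it), user) && eq(at + 1, (size_t)(it + n - at - 1), host);
}

/* Returns 1 to accept, 0 to refuse; config is the file text, NULL if no file. */
int wrappers_check(const char *config, const char *daemon, const char *user, const char *host) {
    int has_permit = 0, permitted = 0;
    if (config == NULL) return 1;     /* no /etc/wrappers: wrapping disabled */
    for (const char *line = config, *next; *line; line = next) {
        size_t len = strcspn(line, "\n");
        const char *end = line + len, *colon = memchr(line, ':', len);
        next = *end ? end + 1 : end;
        if (len == 0) continue;       /* blank line */
        if (colon == NULL) return 0;  /* assumption: malformed entry fails closed */
        const char *act = colon + 1;
        size_t nlen = (size_t)(colon - line), alen = strcspn(act, " \t\n");
        int is_deny = eq(act, alen, "deny");
        if (!is_deny && !eq(act, alen, "permit")) return 0;  /* unknown action */
        if (!eq(line, nlen, "*") && !eq(line, nlen, daemon)) continue;
        if (!is_deny) has_permit = 1;
        for (const char *it = act + alen + strspn(act + alen, " \t"); it < end; ) {
            size_t n = strcspn(it, ",\n");
            int hit = item_matches(it, n, user, host);
            if (hit && is_deny) return 0;  /* assumption: any deny match wins */
            permitted |= hit;
            it += n + (it[n] == ',');      /* step over the comma, if any */
        }
    }
    return has_permit ? permitted : 1; /* assumption: a permit list is exhaustive */
}

int main(void) {
    printf("%d\n", wrappers_check(SAMPLE, "telnet", "bob", "198.51.100.7"));
    return 0;
}
```

The post does not say how a daemon would learn the remote user for `guy@address` entries, so the sketch takes it as a parameter.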