[KLUG Members] tcp wrapper

Phillip Hofmeister plhofmei at antiochcomputerconsulting.com
Tue Aug 10 09:00:10 EDT 2004


On Sun, 08 Aug 2004 at 02:13:09PM -0400, komal wrote:
> what is difference between tcp wrapper and xinetd?

The TCP Wrapper is an additional application level a program runs itself
through for certain Access Controls (paranoid mode, deny certain
hosts, etc.).  I would recommend using NetFilters (IPTABLES) when
possible for ACLs.  However, IPTABLES knows nothing of DNS, netfilters
does.  So you could more easily allow TELNET:*.msu.edu with TCP
Wrappers than with IPTABLES.  Not to mention TCPWrapper has paranoid DNS
filtering (outside the scope of your question...)

XInetD is an Internet Super Daemon.  It binds itself to listen to
certain ports.  When that port is connected to, it starts the correct
service to handle the request.  The service must be InetD compatible.
InetD can have a service start when it does (nowait option) or start
only as needed (wait).  The pro of having it start when needed is you
save memory from being used.  The con is your time for initial
connection establishment is slower b/c the service needs to start up.

HTH,

-- 
Phillip Hofmeister
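
Added example (not part of the original post): a simplified Python model of how TCP Wrappers evaluates a name-based rule such as `.msu.edu` together with the paranoid name/address check mentioned above. The daemon name `in.telnetd`, the addresses and the DNS tables are constructed assumptions so the code runs offline; real tcpd uses the system resolver.

```python
# Constructed DNS data standing in for resolver calls (documentation address ranges).
REVERSE = {  # address -> PTR name; the PTR record is controlled by the address owner
    "192.0.2.10": "lab1.cse.msu.edu",
    "198.51.100.7": "lab1.cse.msu.edu",  # claims an msu.edu name it does not own
    "203.0.113.5": "host.example.net",
}
FORWARD = {  # name -> A records; controlled by the owner of the domain
    "lab1.cse.msu.edu": {"192.0.2.10"},
    "host.example.net": {"203.0.113.5"},
}

def client_name(addr):
    """Return (name, verified); a name is verified only if it maps back to addr."""
    name = REVERSE.get(addr)
    if name is None:
        return "unknown", False
    if addr not in FORWARD.get(name, set()):
        return "paranoid", False  # name/address mismatch
    return name.lower(), True

def host_matches(pattern, addr):
    name, verified = client_name(addr)
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":            # any host whose name does not match its address
        return name == "paranoid"
    if pattern.startswith("."):          # ".msu.edu": match on trailing name components
        return verified and name.endswith(pattern.lower())
    if pattern.endswith("."):            # "192.0.2.": match on leading address fields
        return addr.startswith(pattern)
    return (verified and name == pattern.lower()) or addr == pattern

def allowed(daemon, addr, allow_rules, deny_rules):
    """hosts.allow is checked first, then hosts.deny; no match in either grants access."""
    for rules, verdict in ((allow_rules, True), (deny_rules, False)):
        for rule_daemon, pattern in rules:
            if rule_daemon in (daemon, "ALL") and host_matches(pattern, addr):
                return verdict
    return True

# Equivalent of "in.telnetd: .msu.edu" in hosts.allow and "ALL: ALL" in hosts.deny.
ALLOW = [("in.telnetd", ".msu.edu")]
DENY = [("ALL", "ALL")]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, client_name(ip)[0], allowed("in.telnetd", ip, ALLOW, DENY))
```

The second address shows why the forward-confirmation step matters: a reverse (PTR) record alone is set by whoever controls the address block, so a name-based allow rule is only as trustworthy as the check that the name resolves back to the connecting address.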

