On Thu, Feb 12, 2004 at 01:24:26PM -0500, Josh Koffman wrote:
> AHA! I had a feeling something like this was happening...I just didn't
> know that hosts.allow and hosts.deny were only used by inetd. So, I took
> your advice and looked into ipchains. Sure enough, it'll do what I need,
> and true to form with my luck, it's not compiled into my kernel.

It doesn't have to be IIRC. You can use a module. I don't think I have any
2.2 kernel machines available anymore, so I can't be certain though.

>
> I'm now looking into finding a precompiled kernel with it in (2.2.x),
> and while there are a bunch on the debian site, I can't figure out
> wether they have ipchains compiled in.

You may have a tough time finding a site with the right kernel.

> I'm really trying to avoid having
> to recompile my kernel, it will take a long time on this machine, and I
> don't have another machine handy that can do it. Plus I haven't
> recompiled a kernel for years and I don't want to risk screwing up this
> machine. As always, this needs to be fixed asap.

Check you modules directory /lib/modules/2.2.20/net/ipv4. The modules you
need may be there.

>
> So, does anyone know of a precompiled 2.2 kernel with ipchains in for
> Debian? I think the kernel-image-2.2.20 (no suffix) might have it, but
> I'm not sure. Alternatively, is there a way to get inetd to call exim
> (my SMTP daemon)? That way I could handle everything using hosts.allow
> and hosts.deny in the short term, and recompile my kernel and use
> ipchains in a little while without worrying.

Google, yung grasshoppa, Google. Pop "exim inetd tcpd" into Google Groups and
you get immediate benefits.

BAJ

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics