|
Revision tags: release/14.0.0 |
|
| #
1d9722de |
| 20-Jul-2023 |
Gleb Smirnoff <glebius@FreeBSD.org> |
tcp_wrappers: recognize IPv6 addresses/prefixes
Intentionally or not, but the libwrap was written in such manner that
if your /etc/hosts.allow doesn't have any domain names, neither smart
keywords l
tcp_wrappers: recognize IPv6 addresses/prefixes
Intentionally or not, but the libwrap was written in such manner that
if your /etc/hosts.allow doesn't have any domain names, neither smart
keywords like LOCAL or KNOWN, then it will not try to resolve the
client address during the hosts check. This was achieved with the
NOT_INADDR() check that matched IPv4 addresses/prefixes. Extend this
to also skip resolve if client list token looks like IPv6.
Reviewed by: philip, emaste
PR: 269456
Differential revision: https://reviews.freebsd.org/D40070
show more ...
|
|
Revision tags: release/13.2.0 |
|
| #
14f102ea |
| 21-Mar-2023 |
Ed Maste <emaste@FreeBSD.org> |
tcp_wrappers: Use ANSI (c89) function definitions
Although this code is in contrib/ there is no active upstream.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: http
tcp_wrappers: Use ANSI (c89) function definitions
Although this code is in contrib/ there is no active upstream.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36047
show more ...
|
|
Revision tags: release/12.4.0, release/13.1.0 |
|
| #
9b6a8ee2 |
| 13-Feb-2022 |
Piotr Pawel Stefaniak <pstef@FreeBSD.org> |
tcp_wrappers: remove duplicate errno declarations
|
|
Revision tags: release/12.3.0 |
|
| #
4dbd8c72 |
| 30-Sep-2021 |
Kyle Evans <kevans@FreeBSD.org> |
tcp_wrappers: get rid of duplicate fgets declarations
This is declared in stdio.h, no need for this one.
|
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0 |
|
| #
a63915c2 |
| 28-Jul-2019 |
Alan Somers <asomers@FreeBSD.org> |
MFHead @r350386
Sponsored by: The FreeBSD Foundation
|
| #
068ad27d |
| 18-Jul-2019 |
Brooks Davis <brooks@FreeBSD.org> |
Use ANSI C function definitions and declerations.
Obtained from: CheriBSD
MFC after: 1 week
Sponsored by: DARPA, AFRL
|
|
Revision tags: release/11.3.0, release/12.0.0, release/11.2.0, release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0 |
|
| #
3b8f0845 |
| 28-Apr-2014 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge head
|
| #
84e51a1b |
| 23-Apr-2014 |
Alan Somers <asomers@FreeBSD.org> |
IFC @264767
|
| #
485ac45a |
| 04-Feb-2014 |
Peter Grehan <grehan@FreeBSD.org> |
MFC @ r259205 in preparation for some SVM updates. (for real this time)
|
|
Revision tags: release/10.0.0 |
|
| #
f9b2a21c |
| 31-Oct-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge head r232040 through r257457.
M usr.sbin/portsnap/portsnap/portsnap.8
M usr.sbin/portsnap/portsnap/portsnap.sh
M usr.sbin/tcpdump/tcpdump/Makefile
|
| #
707dd2b1 |
| 30-Oct-2013 |
Sean Bruno <sbruno@FreeBSD.org> |
Queisce warning about undeclared function usage.
yp_get_default_domain is defined in workaround.c but is not declared
in any header file. Tie the declaration to the same #define conditional
used wh
Queisce warning about undeclared function usage.
yp_get_default_domain is defined in workaround.c but is not declared
in any header file. Tie the declaration to the same #define conditional
used when the function is called, NETGROUP
show more ...
|
| #
5375e4f8 |
| 30-Oct-2013 |
Sean Bruno <sbruno@FreeBSD.org> |
Quiesce warning, which could be a bug IMO, by correctly defining the host_info
structure name
|
| #
46bcf11d |
| 30-Oct-2013 |
Sean Bruno <sbruno@FreeBSD.org> |
Quiesce warnings by updating headerfile includes
|
|
Revision tags: release/9.2.0, release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0 |
|
| #
934f51ed |
| 25-Mar-2010 |
Maxim Sobolev <sobomax@FreeBSD.org> |
MFC: Allow comment in the middle of the line.
|
|
Revision tags: release/7.3.0_cvs, release/7.3.0 |
|
| #
1a0fda2b |
| 04-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
IFH@204581
|
| #
d594463f |
| 08-Jan-2010 |
Maxim Sobolev <sobomax@FreeBSD.org> |
Allow comment (#) to be placed anywhere in the line, not only at the
beginning, so it's consistent with other configuration files.
MFC after: 3 weeks
|
|
Revision tags: release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0, release/6.2.0_cvs, release/6.2.0, release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0 |
|
| #
4f101318 |
| 13-May-2005 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.
|
|
Revision tags: release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0, release/4.10.0_cvs, release/4.10.0, release/5.2.1_cvs, release/5.2.1, release/5.2.0_cvs, release/5.2.0, release/4.9.0_cvs, release/4.9.0, release/5.1.0_cvs, release/5.1.0, release/4.8.0_cvs, release/4.8.0, release/5.0.0_cvs, release/5.0.0, release/4.7.0_cvs, release/4.6.2_cvs, release/4.6.2, release/4.6.1, release/4.6.0_cvs, release/4.5.0_cvs, release/4.4.0_cvs, release/4.3.0_cvs, release/4.3.0, release/4.2.0, release/4.1.1_cvs, release/4.1.0 |
|
| #
b208ff84 |
| 14-Jul-2000 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Add IPv6 scoped address support.
It enables us to control link-local connections by interface like
this:
ALL : [fe80::%ed0]/10 : allow
ALL : [fe80::]/10 : deny
|
|
Revision tags: release/3.5.0_cvs, release/4.0.0_cvs |
|
| #
8053080c |
| 03-Feb-2000 |
Yoshinobu Inoue <shin@FreeBSD.org> |
Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it.
Now when tcp_wrapper is enabled by inetd -wW,
several accesses which should be permitted are refused only for IPv6,
if hostna
Missing tcp_wrapper IPv6 support seemed to be a bug, so commit it.
Now when tcp_wrapper is enabled by inetd -wW,
several accesses which should be permitted are refused only for IPv6,
if hostname is used to decide the host to be allowed.
IPv6 users will be just upset.
About security related concern.
-All extensions are wrapped by #ifdef INET6, so people can completely
disable the extension by recompile libwrap without INET6 option.
-Access via IPv6 is not enabled by default.
People need to enable IPv6 access by changing /etc/inetd.conf at first,
by adding tcp6 and/or tcp46 entries.
-The base of patches are from KAME package and are actually daily used
for more than a year in several Japanese IPv6 environments.
-Patches are reviewed by markm.
Approved by: jkh
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: markm
Obtained from: KAME project
show more ...
|
|
Revision tags: release/3.4.0_cvs |
|
| #
99abb287 |
| 21-Sep-1999 |
Sheldon Hearn <sheldonh@FreeBSD.org> |
Add the ``blacklist'' feature, which allows a path to a filename to
be used as a valid pattern in the access control language.
Patch obtained from ftp://ftp.porcupine.org/pub/security/ .
Requested
Add the ``blacklist'' feature, which allows a path to a filename to
be used as a valid pattern in the access control language.
Patch obtained from ftp://ftp.porcupine.org/pub/security/ .
Requested by: markm
show more ...
|
|
Revision tags: release/3.3.0_cvs, release/3.2.0 |
|
| #
2aef6930 |
| 14-Mar-1999 |
Mark Murray <markm@FreeBSD.org> |
Clean import of TCP-wrappers by Wietse Venema.
Rest of build to follow.
|
| #
5d089cad |
| 14-Mar-1999 |
Mark Murray <markm@FreeBSD.org> |
This commit was generated by cvs2svn to compensate for changes in r44743,
which included commits to RCS files with non-trunk default branches.
|
| #
d594463f |
| 08-Jan-2010 |
Maxim Sobolev <sobomax@FreeBSD.org> |
Allow comment (#) to be placed anywhere in the line, not only at the
beginning, so it's consistent with other configuration files.
MFC after: 3 weeks
|
|
Revision tags: release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0, release/6.2.0_cvs, release/6.2.0, release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0 |
|
| #
4f101318 |
| 13-May-2005 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.
|
|
Revision tags: release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0, release/4.10.0_cvs, release/4.10.0, release/5.2.1_cvs, release/5.2.1, release/5.2.0_cvs, release/5.2.0, release/4.9.0_cvs, release/4.9.0, release/5.1.0_cvs, release/5.1.0, release/4.8.0_cvs, release/4.8.0, release/5.0.0_cvs, release/5.0.0, release/4.7.0_cvs, release/4.6.2_cvs, release/4.6.2, release/4.6.1, release/4.6.0_cvs, release/4.5.0_cvs, release/4.4.0_cvs, release/4.3.0_cvs, release/4.3.0, release/4.2.0, release/4.1.1_cvs, release/4.1.0 |
|
| #
b208ff84 |
| 14-Jul-2000 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Add IPv6 scoped address support.
It enables us to control link-local connections by interface like
this:
ALL : [fe80::%ed0]/10 : allow
ALL : [fe80::]/10 : deny
|