Is there a way to see which services in Slackware can be monitored by the inetd.conf file?
My reason for asking is: I thought
that the hosts.allow & hosts.deny files were referenced by the inetd.conf & it's respective daemon, and
they were called/referenced before the IP tables. But apparently either I am doing something wrong, or I am mis-understanding it's applicability.
But I believed this to be the case as even the sendmail daemon & the ident daemon's that get fired up with the inetd are visible from a portscan from a different lan box even though you tell the firewall/IP tables to block them.
We can see in the /etc/services file it lists all the servers & respective ports that can be listed in the hosts.allow/deny & inetd.conf files.
In an attemp to try and utilize these tcp wrapper's, I wanted to tweak my /etc/hosts.allow/deny for samba as a test to see if I am using Slack's daemon's correctly. However, the inetd daemon fails on a server such as samba, well for me at least and I can't figure it out. I actually don't run samba but since it's a service already listed in the inetd.conf file I thought this would be a good daemon to play with and learn.
Now for the nfs daemon's they work really well with the inetd & hosts files. You simply add your exports, uncomment the daemons in the inetd.conf file, chmod - x the /etc/rc.d/rc.nfsd and you're now controlled by hosts.allow/deny. So here the tcp wrapper inetd works.
But if I take from the /etc/services file the name of the daemons that are used for samba. I chmod -x the /etc/rc.d/rc.samba and put the following into my hosts.allow:
and I un-comment the daemon's for samba in the inetd.conf file, and then restart my computer; the inetd file does in fact start samba, I can establish connections from a windows box to the linux box using the IP above.
a simple netstat -elp shows the above are controlled by inetd
BUT....if I change the ip address in windows box to something else than what's in my allow, in theory it should not work...but it does see the computer and the samba still works and I thought it's not supposed to? I thought it should have been blocked.
Now am I failing because I'm using the same user name / password in the windows box as the smbpasswd in the pass backend for samba?
I have the ident daemon turned off completely, could that be it?
I even flushed the IP/tables to make sure there was nothing welcoming all traffic from lan.
It appears the only way to setup Samba to analyze on a per lan IP basis is the /etc/samba/smb.conf file?
I see that many web-site's indicated that samba performs better when started by the initialization scripts in /etc/rc.d Maybe this is a poor example daemon for me to learn with?
How do I know which other daemons on my box will TRULY get honored by /etc/hosts.allow-.deny in slackware?