-fromhost() doesn't work because the file descriptor isn't available
at this point, see PR bin/6813
-it needs some initialization for libwrap to grok the IP address and/or
host names in its rule files (see PR bin/6831 by Andreas Wrede
<andreas@planix.com>, the fix is different)
Needless to say that libwrap's interface sucks.
point them to options(4) for more details. Also point out that ipf
is necc. for ipnat to function. Oh, and convert ipnat.8 to mandoc
while I was in here... was easier to convert it then rewrite my stuff
after I noticed..
Closes PR# 4813 by Jeff Thieleke
* portmap is now tcp-wrapped (i.e. obeys hosts.{allow,deny})
both for lookups (as `portmap') and for forwarded calls to
specific services.
* the new -l flag, analagous to inetd -l, logs all connections
to portmap.
* the new -s flag causes portmap to suid to the user daemon
after binding it's port, so that outgoing connections do
not come from privileged ports. This prevents users from
using portmap to get a free privileged port.
* portmap now _only_ accepts SETs and UNSETs on the loopback
interface. In the past, anyone in the world could do all
sorts of nasty things to your portmap tables. Note that
our libc already_only_ uses the loopback interface to
register rpc ports.
This work is modeled after/partially taken from Wietse Venema's tcp-
wrapped version of the BSD 4.3 portmap. It has benefitted greatly from my
discussions with Luke, Matt and many others.
permitting users to choose between sendmail and other mail systems with a
simple configuration file change. Not yet turned on -- this is being
committed so people can beat on it.
* always create an "option" section because "named" will complain
otherwise
* don't check if directory exists while converting a "directory"
statement because we might do it on another machine
directives, and add appropriate directives to the zone {} blocks
* change comment delimiter from '//' to '#' (which is more intuitive
for unix config files)
* KNF formatting (single space indenting is hard to read)
checksum of the file in question, optionally preceeded by `0x'.
This has been tested, and does work, AFAICT. There is currently no md5 equivalent
of the '-s' flag for use with checksum.