G. Pape
ipsvd
ipsvd - examples
TCP/IP services
UDP/IP services
ipsvd instructions
This run script provides an identd service on
0.0.0.0:113
#!/bin/sh
exec tcpsvd -l0 0 113 identd
This run script provides a
smtpfront-qmail service on
192.168.2.1:25, with per-host instructions through the constant
database ./peers.cdb.
#!/bin/sh
exec 2>&1
MAXSMTPD="`cat /var/qmail/control/concurrencyincoming`"
exec softlimit -m2000000 \
env SMTPGREETING=smarden.org \
MAILRULES=/etc/mailfront/smtp/mailrules \
tcpsvd -vp -uqmaild -c"$MAXSMTPD" -x./peers.cdb 192.168.2.1 25 \
smtpfront-qmail
This run script provides a
bincimaps service on
10.0.0.14:993, with per-host concurrency limit, and with per-host
instructions through the directory ./peers.
#!/bin/sh
exec 2>&1
exec tcpsvd -vvp -c40 -C10 -l0 -i./peers 10.0.0.14 993 \
bincimap-up --logtype=multilog --conf=/etc/bincimap/bincimap.conf --ssl -- \
/usr/bin/checkpw /usr/sbin/bincimapd
This run script provides a
bincimaps service on
10.0.0.14:993, but using the sslio
program, and so the matrixssl
library, instead of bincimap's builtin OpenSSL support.
#!/bin/sh
exec 2>&1
exec tcpsvd -v -c40 -l0 10.0.0.14 993 \
sslio -vv -C/imapd.pem -unobody -//etc/bincimap/bincimaps/jail \
bincimap-up --conf=/etc/bincimap/bincimap.conf -a -- \
/usr/bin/checkpw /usr/sbin/bincimapd
This run script provides a
qmail-smtpd service on
192.168.14.6:25, with per-host concurrency limit, and with per-host
instructions through the directory ./peers.
#!/bin/sh
exec 2>&1
exec softlimit -m2000000 \
tcpsvd -vvh -i./peers -uqmaild \
-c40 -C'10:421 per host concurrency limit reached\r\n' \
192.168.14.6 25 qmail-smtpd
This run script provides a
fnord https service on
10.0.5.4.
#!/bin/sh
exec 2>&1
cd /public/10.0.5.4
exec chpst -m300000 -Uwwwuser tcpsvd -v 10.0.5.4 443 \
sslio -v -unobody -//etc/fnord/jail -C./cert.pem fnord
This run script provides a talkd service on
192.168.1.1:517
#!/bin/sh
exec udpsvd -unobody:tty 192.168.1.1 517 in.talkd
This run script provides a tftpd service on
0.0.0.0:69 with per-IP-address instructions through the directory
/etc/tftpd/peers
#!/bin/sh
cd /
exec 2>&1
exec udpsvd -v -lbootserver -unobody -i/etc/tftpd/peers 0 69 \
in.tftpd -s /boot/tftpboot/
This run script provides a telnetd TCP/IP service, with
per-IP-address instructions through the
directory ./peers
#!/bin/sh
exec tcpsvd -i./peers 0.0.0.0 23 in.telnetd
Per default any client IP address is allowed to connect to this service.
To allow connections from 192.168.1.17, and to deny connections
from anywhere else, do
# touch ./peers/192.168.1.17; chmod 644 ./peers/192.168.1.17
# touch ./peers/0; chmod 0 ./peers/0
To allow connections from 192.168.3.0-255, do
# touch ./peers/192.168.3; chmod 644 ./peers/192.168.3
To deny connections from 10.0.*.* explicitly, do
# touch ./peers/10.0; chmod 0 ./peers/10.0
To have TRUST=true set in the environment when running
in.telnetd for a connection from 192.168.14.2, do
# echo '+TRUST=true' >./peers/192.168.14.2; chmod 644 ./peers/192.168.14.2
To provide a sshd login for connections from 10.2.0.14 on
port 23,
and the usual telnetd service for all others, do
# echo 'sshd -i' >./peers/10.2.0.14; chmod 744 ./peers/10.2.0.14
To allow only connections from IP addresses the (dynamic) hostnames
floyd.dyn.smarden.org and greg.dyn.smarden.org currently
resolve to, do
# echo '=floyd.dyn.smarden.org' >./peers/0
# echo '=greg.dyn.smarden.org' >>./peers/0
# chmod 644 ./peers/0
See ipsvd instructions for details.
Gerrit Pape <pape@smarden.org>