to strictly
control access to the inetd facilities, there is a package,
ucspi-tcp-0.84.tar.gz, available at
ftp://koobera.math.uic.edu/www/ucspi-tcp.html, that will allow
complete control over individual ports, with logging of the individual
ports. For example, to control telnet, one would put:

    tcpserver -R -v -x /some/directory/tcp.ftp.cdb -u 123 -g 456 \\
        0 ftp /usr/sbin/wu.ftpd 2>&1 | /var/qmail/bin/splogger ftpd 3 &

into /etc/rc.d/rc.inet2. Likewise for ftpd, httpd, smtp, etc. It
requires a tcpserver for each inet facility, and then inetd is not
started in the rc scripts. Each tcpserver and splogger require about
80K bytes of memory to run. Access is controlled by the tcp.ftp.cdb
database which is compiled by tcprules. It is a binary database, and
ftpd lights up very fast. The database can be centralized for all inet
functions, and is fast enough to provide access control for an ISP's
customer base.

John Conover <conover@inow.com>