/usr/share/doc/ipsvd/examples.html is in ipsvd 1.0.0-3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<title>ipsvd - examples</title>
</head>
<body>
<a href="http://smarden.org/pape/">G. Pape</a><br>
<a href="index.html">ipsvd</a><br>
<hr>
<h1>ipsvd - examples</h1>
<hr>
<a href="#tcp">TCP/IP services</a><br>
<a href="#udp">UDP/IP services</a><br>
<a href="#instruct"><i>ipsvd</i> instructions</a><br>
<hr>
<h3><a name="tcp">TCP/IP service examples</a></h3>
This <tt>run</tt> script provides an <i>identd</i> service on
<tt>0.0.0.0:113</tt>
<pre>
#!/bin/sh
exec tcpsvd -l0 0 113 identd
</pre>
This <tt>run</tt> script provides a
<a href="http://untroubled.org/mailfront/">smtpfront-qmail</a> service on
<tt>192.168.2.1:25</tt>, with per-host instructions through the constant
database <tt>./peers.cdb</tt>.
<pre>
#!/bin/sh
exec 2>&1
MAXSMTPD="`cat /var/qmail/control/concurrencyincoming`"
exec softlimit -m2000000 \
env SMTPGREETING=smarden.org \
MAILRULES=/etc/mailfront/smtp/mailrules \
tcpsvd -vp -uqmaild -c"$MAXSMTPD" -x./peers.cdb 192.168.2.1 25 \
smtpfront-qmail
</pre>
This <tt>run</tt> script provides a
<a href="http://www.bincimap.org/">bincimaps</a> service on
<tt>10.0.0.14:993</tt>, with per-host concurrency limit, and with per-host
instructions through the directory <tt>./peers</tt>.
<pre>
#!/bin/sh
exec 2>&1
exec tcpsvd -vvp -c40 -C10 -l0 -i./peers 10.0.0.14 993 \
bincimap-up --logtype=multilog --conf=/etc/bincimap/bincimap.conf --ssl -- \
/usr/bin/checkpw /usr/sbin/bincimapd
</pre>
This <tt>run</tt> script provides a
<a href="http://www.bincimap.org/">bincimaps</a> service on
<tt>10.0.0.14:993</tt>, but using the <a href="sslio.8.html">sslio</a>
program, and so the <a href="http://www.matrixssl.org/">matrixssl</a>
library, instead of <tt>bincimap</tt>'s builtin <tt>OpenSSL</tt> support.
<pre>
#!/bin/sh
exec 2>&1
exec tcpsvd -v -c40 -l0 10.0.0.14 993 \
sslio -vv -C/imapd.pem -unobody -//etc/bincimap/bincimaps/jail \
bincimap-up --conf=/etc/bincimap/bincimap.conf -a -- \
/usr/bin/checkpw /usr/sbin/bincimapd
</pre>
This <tt>run</tt> script provides a
<a href="http://www.qmail.org/">qmail-smtpd</a> service on
<tt>192.168.14.6:25</tt>, with per-host concurrency limit, and with per-host
instructions through the directory <tt>./peers</tt>.
<pre>
#!/bin/sh
exec 2>&1
exec softlimit -m2000000 \
tcpsvd -vvh -i./peers -uqmaild \
-c40 -C'10:421 per host concurrency limit reached\r\n' \
192.168.14.6 25 qmail-smtpd
</pre>
This <tt>run</tt> script provides a
<a href="http://www.fefe.de/fnord/">fnord</a> <tt>https</tt> service on
<tt>10.0.5.4</tt>.
<pre>
#!/bin/sh
exec 2>&1
cd /public/10.0.5.4
exec chpst -m300000 -Uwwwuser tcpsvd -v 10.0.5.4 443 \
sslio -v -unobody -//etc/fnord/jail -C./cert.pem fnord
</pre>
<hr>
<h3><a name="udp">UDP/IP service examples</a></h3>
This <tt>run</tt> script provides a <i>talkd</i> service on
<tt>192.168.1.1:517</tt>
<pre>
#!/bin/sh
exec udpsvd -unobody:tty 192.168.1.1 517 in.talkd
</pre>
This <tt>run</tt> script provides a <i>tftpd</i> service on
<tt>0.0.0.0:69</tt> with per-IP-address instructions through the directory
<tt>/etc/tftpd/peers</tt>
<pre>
#!/bin/sh
cd /
exec 2>&1
exec udpsvd -v -lbootserver -unobody -i/etc/tftpd/peers 0 69 \
in.tftpd -s /boot/tftpboot/
</pre>
<hr>
<h3><a name="instruct"><i>ipsvd</i> instruction examples</a></h3>
This <tt>run</tt> script provides a <i>telnetd</i> TCP/IP service, with
per-IP-address <a href="ipsvd-instruct.5.html">instructions</a> through the
directory <tt>./peers</tt>
<pre>
#!/bin/sh
exec tcpsvd -i./peers 0.0.0.0 23 in.telnetd
</pre>
Per default any client IP address is allowed to connect to this service.
To allow connections from <tt>192.168.1.17</tt>, and to deny connections
from anywhere else, do
<pre>
# touch ./peers/192.168.1.17; chmod 644 ./peers/192.168.1.17
# touch ./peers/0; chmod 0 ./peers/0
</pre>
To allow connections from <tt>192.168.3.0-255</tt>, do
<pre>
# touch ./peers/192.168.3; chmod 644 ./peers/192.168.3
</pre>
To deny connections from <tt>10.0.*.*</tt> explicitly, do
<pre>
# touch ./peers/10.0; chmod 0 ./peers/10.0
</pre>
To have <tt>TRUST=true</tt> set in the environment when running
<i>in.telnetd</i> for a connection from <tt>192.168.14.2</tt>, do
<pre>
# echo '+TRUST=true' >./peers/192.168.14.2; chmod 644 ./peers/192.168.14.2
</pre>
To provide a <i>sshd</i> login for connections from <tt>10.2.0.14</tt> on
port 23,
and the usual <i>telnetd</i> service for all others, do
<pre>
# echo 'sshd -i' >./peers/10.2.0.14; chmod 744 ./peers/10.2.0.14
</pre>
To allow only connections from IP addresses the (dynamic) hostnames
<tt>floyd.dyn.smarden.org</tt> and <tt>greg.dyn.smarden.org</tt> currently
resolve to, do
<pre>
# echo '=floyd.dyn.smarden.org' >./peers/0
# echo '=greg.dyn.smarden.org' >>./peers/0
# chmod 644 ./peers/0
</pre>
See <a href="ipsvd-instruct.5.html">ipsvd instructions</a> for details.
<hr>
<address><a href="mailto:pape@smarden.org">
Gerrit Pape <pape@smarden.org>
</a></address>
</body>
</html>
|