From owner-man-jp-reviewer@jp.FreeBSD.org Fri Nov  5 21:56:51 2004
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id iA5Cup882880;
	Fri, 5 Nov 2004 21:56:51 +0900 (JST)
	(envelope-from owner-man-jp-reviewer@jp.FreeBSD.org)
Received: from t-mta7.odn.ne.jp (mfep7.odn.ne.jp [143.90.131.185])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id iA5Cup882875
	for <man-jp-reviewer@jp.FreeBSD.org>; Fri, 5 Nov 2004 21:56:51 +0900 (JST)
	(envelope-from n-kogane@syd.odn.ne.jp)
Received: from kces1.koganemaru.co.jp ([61.201.151.106])
          by t-mta7.odn.ne.jp with ESMTP
          id <20041105125650946.GFNE.217332.t-mta7.odn.ne.jp@mta7.odn.ne.jp>
          for <man-jp-reviewer@jp.FreeBSD.org>;
          Fri, 5 Nov 2004 21:56:50 +0900
Received: (from kogane@localhost)
	by kces1.koganemaru.co.jp (8.8.8/3.6W) id VAA00883;
	Fri, 5 Nov 2004 21:57:21 +0900 (JST)
From: Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
Message-Id: <200411051257.VAA00883@kces1.koganemaru.co.jp>
X-Authentication-Warning: kces1.koganemaru.co.jp: kogane set sender to n-kogane using -f
To: man-jp-reviewer@jp.FreeBSD.org
Reply-To: man-jp-reviewer@jp.FreeBSD.org
Precedence: list
Date: Fri, 5 Nov 2004 21:57:21 +0900
X-Sequence: man-jp-reviewer 4722
Subject: [man-jp-reviewer 4722] tcpd.8
Sender: owner-man-jp-reviewer@jp.FreeBSD.org
X-Originator: n-kogane@syd.odn.ne.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+041021

$B>.6b4]$G$9!#(B

4.10 $B$H(B 5.3-RC2 $B$H$^$C$?$/:9J,$,$J$$(B tcpd.8 $B$rK]Lu$7$^$7$?$N!"Aw$j$^$9!#(B

---- $B$3$3$+$i(B ----
--- tcpd.8.orig	Sun Oct 31 14:30:24 2004
+++ tcpd.8	Thu Nov  4 03:04:06 2004
@@ -1,89 +1,100 @@
+.\" $FreeBSD$
+.\"
 .TH TCPD 8
-.SH NAME
-tcpd \- access control facility for internet services
-.SH DESCRIPTION
-.PP
-The \fItcpd\fR program can be set up to monitor incoming requests for
-\fItelnet\fR, \fIfinger\fR, \fIftp\fR, \fIexec\fR, \fIrsh\fR,
-\fIrlogin\fR, \fItftp\fR, \fItalk\fR, \fIcomsat\fR and other services
-that have a one-to-one mapping onto executable files.
-.PP
-The program supports both 4.3BSD-style sockets and System V.4-style
-TLI.  Functionality may be limited when the protocol underneath TLI is
-not an internet protocol.
-.PP
-Operation is as follows: whenever a request for service arrives, the
-\fIinetd\fP daemon is tricked into running the \fItcpd\fP program
-instead of the desired server. \fItcpd\fP logs the request and does
-some additional checks. When all is well, \fItcpd\fP runs the
-appropriate server program and goes away.
-.PP
-Optional features are: pattern-based access control, client username
-lookups with the RFC 931 etc. protocol, protection against hosts that
-pretend to have someone elses host name, and protection against hosts
-that pretend to have someone elses network address.
-.SH LOGGING
-Connections that are monitored by
-.I tcpd
-are reported through the \fIsyslog\fR(3) facility. Each record contains
-a time stamp, the client host name and the name of the requested
-service.  The information can be useful to detect unwanted activities,
-especially when logfile information from several hosts is merged.
-.PP
-In order to find out where your logs are going, examine the syslog
-configuration file, usually /etc/syslog.conf.
-.SH ACCESS CONTROL
-Optionally,
-.I tcpd
-supports a simple form of access control that is based on pattern
-matching.  The access-control software provides hooks for the execution
-of shell commands when a pattern fires.  For details, see the
-\fIhosts_access\fR(5) manual page.
-.SH HOST NAME VERIFICATION
-The authentication scheme of some protocols (\fIrlogin, rsh\fR) relies
-on host names. Some implementations believe the host name that they get
-from any random name server; other implementations are more careful but
-use a flawed algorithm.
-.PP
-.I tcpd
-verifies the client host name that is returned by the address->name DNS
-server by looking at the host name and address that are returned by the
-name->address DNS server.  If any discrepancy is detected,
-.I tcpd
-concludes that it is dealing with a host that pretends to have someone
-elses host name.
-.PP
-If the sources are compiled with -DPARANOID,
-.I tcpd
-will drop the connection in case of a host name/address mismatch.
-Otherwise, the hostname can be matched with the \fIPARANOID\fR wildcard,
-after which suitable action can be taken.
-.SH HOST ADDRESS SPOOFING
-Optionally,
-.I tcpd
-disables source-routing socket options on every connection that it
-deals with. This will take care of most attacks from hosts that pretend
-to have an address that belongs to someone elses network. UDP services
-do not benefit from this protection. This feature must be turned on
-at compile time.
+.SH $BL>>N(B
+tcpd \- $B%$%s%?!<%M%C%H%5!<%S%9$N$?$a$N%"%/%;%9%3%s%H%m!<%k(B ($B@)8f(B) $B5!G=(B
+.SH $B2r@b(B
+.PP
+\fItcpd\fR $B%W%m%0%i%`$O!"<B9T2DG=$J%U%!%$%k$G(B 1 $BBP(B 1 $B$G%^%C%W$5$l$F$$$k(B
+\fItelnet\fR$B!"(B\fIfinger\fR$B!"(B\fIftp\fR$B!"(B\fIexec\fR$B!"(B\fIrsh\fR$B!"(B
+\fIrlogin\fR$B!"(B\fItftp\fR$B!"(B\fItalk\fR$B!"(B\fIcomsat\fR $B$HB>$N%5!<%S%9(B
+$B$N$?$a$KCe?.$9$k%j%/%(%9%H$r%b%K%?$9$k$?$a$K(B
+$B%;%C%H%"%C%W$9$k$3$H$,$G$-$^$9!#(B
+.PP
+$B%W%m%0%i%`$O(B 4.3BSD $B%9%?%$%k%=%1%C%H$*$h$S(B System V.4 $B%9%?%$%k(B TLI $B$NN>J}(B
+$B$r%5%]!<%H$7$^$9!#(B
+$B%W%m%H%3%k2<It(B TLI $B$,%$%s%?!<%M%C%H%W%m%H%3%k$G$J$$>l9g!"(B
+$B5!G=@-$O@)8B$5$l$F$$$k$+$b$7$l$^$;$s!#(B
+.PP
+$BA`:n(B ($B%*%Z%l!<%7%g%s(B) $B$O<!$N$H$*$j$G$9!#(B
+$B%5!<%S%9$N%j%/%(%9%H$,E~Ce$9$k>l9g$O>o$K!"(B\fIinetd\fP $B%G!<%b%s$O$@$^$5$l$F(B
+$B4uK>$N%5!<%P$NBe$o$j$K(B \fItcpd\fP $B%W%m%0%i%`$r<B9T$7$^$9!#(B
+.\" tricked into = $B$@$^$5$l$F(B
+\fItcpd\fP $B$O%j%/%(%9%H$r%m%0$K5-O?$7!"$$$/$D$+$NDI2C$N%A%'%C%/$r9T$$$^$9!#(B
+$B$9$Y$F$,$&$^$/$$$/>l9g!"(B\fItcpd\fP $B$OE,@Z$J%5!<%P%W%m%0%i%`$r<B9T$7(B
+$B>C$(5n$j$^$9!#(B
+.PP
+$B%*%W%7%g%s$NFCD'$O!"(B
+$B%Q%?!<%s$K4p$E$$$?%"%/%;%9%3%s%H%m!<%k!"(B
+RFC 931 $B$=$NB>$N%W%m%H%3%k$G%/%i%$%"%s%H%f!<%6L>$N8!:w!"(B
+$BC/$+B>$N?M$N%[%9%HL>$r;}$D$h$&$K56$k%[%9%H$+$i$NJ]8n!"(B
+$BC/$+B>$N?M$N%M%C%H%o!<%/%"%I%l%9$r;}$D$h$&$K56$k%[%9%H$+$i$NJ]8n!"(B
+$B$G$9!#(B
+.SH $B%m%.%s%0(B
+.I tcpd
+$B$K$h$C$F%b%K%?$5$l$k@\B3$O(B \fIsyslog\fR(3) $B5!G=$r2p$7$FJs9p$5$l$^$9!#(B
+$B3F%l%3!<%I$O%?%$%`%9%?%s%W!"%/%i%$%"%s%H%[%9%HL>$*$h$SMW5a$5$l$?%5!<%S%9(B
+$B$NL>A0$r4^$s$G$$$^$9$9!#(B
+$BFC$K$$$/$D$+$N%[%9%H$+$i$N(B logfile $B>pJs$,J;9g$5$l$k>l9g!"(B
+$B>pJs$OK>$^$l$J$$3hF0$r8!CN$9$k$N$KJXMx$K$J$j$($^$9!#(B
+.PP
+$BMxMQ<T$N%m%0$,$I$3$K=PNO$5$l$k$+CN$k$?$a$K$O!"(B
+$BDL>o(B /etc/syslog.conf $B$G$"$k!"(Bsyslog $B@_Dj%U%!%$%k$rD4$Y$F$/$@$5$$!#(B
+.SH $B%"%/%;%9%3%s%H%m!<%k(B
+$B%*%W%7%g%s$G!"(B
+.I tcpd
+$B$O!"%Q%?!<%s%^%C%A%s%0$K4p$E$/%"%/%;%9%3%s%H%m!<%k$NC1=c$J(B
+$B7A<0$r%5%]!<%H$7$^$9!#(B
+$B%"%/%;%9%3%s%H%m!<%k%=%U%H%&%'%"$O!"(B
+$B%Q%?!<%s$,H/2P$9$k;~!"(Bshell ($B%7%'%k(B) $B%3%^%s%I$N<B9T$N%[%C%/(B ($B;E3]$1(B)
+$B$r6!5k$7$^$9!#(B
+$B>\:Y$K4X$7$F$O!"(B\fIhosts_access\fR(5) $B%^%K%e%"%k%Z!<%8$r;2>H$7$F$/$@$5$$!#(B
+.SH $B%[%9%HL>$N8!>Z(B
+$B$$$/$D$+$N%W%m%H%3%k(B (\fIrlogin$B!"(Brsh\fR) $B$NG'>Z%9%-!<%`$O%[%9%HL>$K0MB8$7$^$9!#(B
+$B$$$/$D$+$N<BAu$O!"$=$l$i$,G$0U$N%i%s%@%`%M!<%`%5!<%P$+$i(B
+$B<hF@$9$k%[%9%HL>$r?.$8$^$9!#(B
+$BB>$N<BAu$O$h$jCm0U?<$$$,!"7g4Y$N$"$k%"%k%4%j%:%`$r;HMQ$7$^$9!#(B
+.PP
+.I tcpd
+$B$O!"%[%9%HL>$r8!:w$9$k$3$H$K$h$C$F(B
+$B%"%I%l%9(B->$BL>A0(B DNS $B%5!<%P$K$h$C$FJV$5$l$k%/%i%$%"%s%H%[%9%HL>(B
+$B$H!"L>A0(B->$B%"%I%l%9(B DNS $B%5!<%P$K$h$C$FJV$5$l$k%"%I%l%9$r8!>Z$7$^$9!#(B
+$BIT0lCW$,8!CN$5$l$k>l9g!"(B
+.I tcpd
+$B$O$=$l$,C/$+B>$N%[%9%HL>$r;}$D$h$&$K56$k%[%9%H$G=hM}$7$F$$$k$H7kO@$r=P$7$^$9!#(B
+.PP
+$B%=!<%9$,(B -DPARANOID $B$G%3%s%Q%$%k$5$l$k>l9g!"(B
+.I tcpd
+$B$O%[%9%HL>(B/$B%"%I%l%9IT0lCW$N>l9g$N@\B3$rCfCG$7$^$9!#(B
+$B$=$&$G$J$1$l$P!"%[%9%HL>$O!"E,@Z$J=hCV$,<h$i$l$?8e$K(B
+\fIPARANOID\fR $B%o%$%k%I%+!<%I$H0lCW$5$;$k$3$H$,$G$-$^$9!#(B
+.SH $B%[%9%HL>$N$J$j$9$^$7(B ($B%9%W!<%U%$%s%0(B)
+$B%*%W%7%g%s$G!"(B
+.I tcpd
+$B$O!"$=$l$r=hM}$9$k$9$Y$F$N@\B3$G%=!<%9%k!<%F%#%s%0(B
+$B%=%1%C%H%*%W%7%g%s$rITG=$K$7$^$9!#(B
+$B$3$l$O!"C/$+B>$N?M$N%M%C%H%o!<%/$r=jM-$7$F$$$k%"%I%l%9$r;}$D$h$&$K56$k(B
+$B%[%9%H$+$i$[$H$s$I$N967b$r=hM}$7$FJRIU$1$^$9!#(B
+UDP $B%5!<%S%9$O$3$NJ]8n$+$i$NMxE@$O$"$j$^$;$s!#(B
+$B$3$NFCD'$O%3%s%Q%$%k;~$K%*%s$K$7$J$1$l$P$J$j$^$;$s!#(B
 .SH RFC 931
-When RFC 931 etc. lookups are enabled (compile-time option) \fItcpd\fR
-will attempt to establish the name of the client user. This will
-succeed only if the client host runs an RFC 931-compliant daemon.
-Client user name lookups will not work for datagram-oriented
-connections, and may cause noticeable delays in the case of connections
-from PCs.
-.SH EXAMPLES
-The details of using \fItcpd\fR depend on pathname information that was
-compiled into the program.
-.SH EXAMPLE 1
-This example applies when \fItcpd\fR expects that the original network
-daemons will be moved to an "other" place.
-.PP
-In order to monitor access to the \fIfinger\fR service, move the
-original finger daemon to the "other" place and install tcpd in the
-place of the original finger daemon. No changes are required to
-configuration files.
+RFC 931 $B$=$NB>$N8!:w$,(B ($B%3%s%Q%$%k;~%*%W%7%g%s$G(B) $B2DG=$K$J$C$?>l9g!"(B
+\fItcpd\fR $B$O!"%/%i%$%"%s%H%f!<%6$NL>A0$r3NN)$9$k$3$H$r;n$_$k$G$7$g$&!#(B
+$B%/%i%$%"%s%H%[%9%H$,(B RFC 931-$B5,3J%G!<%b%s$r<B9T$9$k>l9g$N$_!"(B
+$B$3$l$O@.8y$7$^$9!#(B
+$B%/%i%$%"%s%H%f!<%6L>$N8!:w$O%G!<%?%0%i%`;X8~$N@\B3$G$OF/$+$:!"(B
+PC $B$+$i$N@\B3$N>l9g$G82Cx$JCY$l$r@8$8$k$+$b$7$l$^$;$s!#(B
+.SH $B;HMQNc(B
+\fItcpd\fR $B$N;HMQ$N>\:Y$O!"%W%m%0%i%`$NCf$X%3%s%Q%$%k$5$l$?(B
+$B%Q%9%M!<%`>pJs$K0MB8$7$^$9!#(B
+.SH $B;HMQNc(B 1
+\fItcpd\fR $B$,!"%*%j%8%J%k$N%M%C%H%o!<%/%G!<%b%s$,(B "$BJL$N(B" $B>l=j$K0\F0$5$l$k(B
+$B$HM=A[$9$k>l9g!"$3$NNc$OE,1~$5$l$^$9!#(B
+.PP
+\fIfinger\fR $B%5!<%S%9$X$N%b%K%?%"%/%;%9$N$?$a$K!"(B
+"$BJL$N(B" $B>l=j$K%*%j%8%J%k(B finger $B%G!<%b%s$r0\F0$5$;$F!"(B
+$B%*%j%8%J%k(B finger $B%G!<%b%s$N>l=j$K(B tcpd $B$r%$%s%9%H!<%k(B ($B@_CV(B) $B$7$^$9!#(B
+$B@_Dj%U%!%$%k$NJQ99$OMW5a$5$l$^$;$s!#(B
 .nf
 .sp
 .in +5
@@ -92,82 +103,95 @@
 # cp tcpd /usr/etc/in.fingerd
 .fi
 .PP
-The example assumes that the network daemons live in /usr/etc. On some
-systems, network daemons live in /usr/sbin or in /usr/libexec, or have
-no `in.\' prefix to their name.
-.SH EXAMPLE 2
-This example applies when \fItcpd\fR expects that the network daemons
-are left in their original place.
-.PP
-In order to monitor access to the \fIfinger\fR service, perform the
-following edits on the \fIinetd\fR configuration file (usually 
-\fI/etc/inetd.conf\fR or \fI/etc/inet/inetd.conf\fR):
+$BNc$O!"%M%C%H%o!<%/%G!<%b%s$,(B
+/usr/etc $B$NCf$G@8$-$k$H2>Dj$7$^$9!#(B
+$B$$$/$D$+$N%7%9%F%`$K$*$$$F$O!"%M%C%H%o!<%/%G!<%b%s$,(B
+/usr/sbin $B$"$k$$$O(B /usr/libexec $B$NCf$G@8$-$F$$$k$+!"(B
+$B$=$l$i$NL>A0$K(B `in.\' $B@\F,<-$,$"$j$^$;$s!#(B
+.SH $B;HMQNc(B 2
+$B%M%C%H%o!<%/%G!<%b%s$,$=$l$i$N%*%j%8%J%k$N>l=j$KCV$+$l$k$H(B
+\fItcpd\fR $B$,M=A[$9$k>l9g!"$3$NNc$OE,1~$5$l$^$9!#(B
+.PP
+\fIfinger\fR $B%5!<%S%9$X$N%b%K%?%"%/%;%9$N$?$a$K!"(B
+\fIinetd\fR $B@_Dj%U%!%$%k(B ($BDL>o(B /etc/inetd.conf $B$^$?$O(B /etc/inet/inetd.conf)
+$B$G<!$NJT=8$r<B9T$7$^$9!#(B
 .nf
 .sp
 .ti +5
 finger  stream  tcp  nowait  nobody  /usr/etc/in.fingerd  in.fingerd
 .sp
-becomes:
+$B$r<!$N$h$&$K$7$^$9!#(B
 .sp
 .ti +5
 finger  stream  tcp  nowait  nobody  /some/where/tcpd     in.fingerd
 .sp
 .fi
 .PP
-The example assumes that the network daemons live in /usr/etc. On some
-systems, network daemons live in /usr/sbin or in /usr/libexec, the
-daemons have no `in.\' prefix to their name, or there is no userid
-field in the inetd configuration file.
-.PP
-Similar changes will be needed for the other services that are to be
-covered by \fItcpd\fR.  Send a `kill -HUP\' to the \fIinetd\fR(8)
-process to make the changes effective. AIX users may also have to
-execute the `inetimp\' command.
-.SH EXAMPLE 3
-In the case of daemons that do not live in a common directory ("secret"
-or otherwise), edit the \fIinetd\fR configuration file so that it
-specifies an absolute path name for the process name field. For example:
+$BNc$O!"%M%C%H%o!<%/%G!<%b%s$,(B
+/usr/etc $B$NCf$G@8$-$k$H2>Dj$7$^$9!#(B
+$B$$$/$D$+$N%7%9%F%`$K$*$$$F$O!"%M%C%H%o!<%/%G!<%b%s$,(B
+/usr/sbin $B$"$k$$$O(B /usr/libexec $B$NCf$G@8$-$F$$$^$9!#(B
+$B%G!<%b%s$,(B `in.\' $B@\F,<-$r;}$?$J$$$+!"(B
+inetd $B@_Dj%U%!%$%k$K(B userid $B%U%#!<%k%I$O$"$j$^$;$s!#(B
+.PP
+$BF1MM$NJQ99$O!"(B\fItcpd\fR $B$K$h$C$F%+%P!<$5$l$k$3$H$K$J$C$F$$$k(B
+$BB>$N%5!<%S%9$N$?$a$KI,MW$G$9!#(B
+$BJQ99$rM-8z$K$9$k$?$a$K(B \fIinetd\fR(8) $B%W%m%;%9$K(B
+`kill -HUP\' $B$rAw$j$^$9!#(B
+AIX $B%f!<%6$O$5$i$K(B `inetimp\' $B%3%^%s%I$r(B
+$B<B9T$7$J$1$l$P$J$i$J$$$+$b$7$l$^$;$s!#(B
+.SH $B;HMQNc(B 3
+("$BHkL)(B" $B$^$?$OJL$N(B) $B6&DL$N%G%#%l%/%H%j$K@8$-$F$$$J$$%G!<%b%s$N>l9g$K$O!"(B
+$B$=$l$,%W%m%;%9L>%U%#!<%k%I$N@dBPE*$J%Q%9L>$r;XDj$9$k$h$&$K!"(B
+\fIinetd\fR $B@_Dj%U%!%$%k$rJT=8$7$^$9!#(B
+$BNc$($P(B:
 .nf
 .sp
     ntalk  dgram  udp  wait  root  /some/where/tcpd  /usr/local/lib/ntalkd
 .sp
 .fi
 .PP
-Only the last component (ntalkd) of the pathname will be used for
-access control and logging.
-.SH BUGS
-Some UDP (and RPC) daemons linger around for a while after they have
-finished their work, in case another request comes in.  In the inetd
-configuration file these services are registered with the \fIwait\fR
-option. Only the request that started such a daemon will be logged.
-.PP
-The program does not work with RPC services over TCP. These services
-are registered as \fIrpc/tcp\fR in the inetd configuration file. The
-only non-trivial service that is affected by this limitation is
-\fIrexd\fR, which is used by the \fIon(1)\fR command. This is no great
-loss.  On most systems, \fIrexd\fR is less secure than a wildcard in
-/etc/hosts.equiv.
-.PP
-RPC broadcast requests (for example: \fIrwall, rup, rusers\fR) always
-appear to come from the responding host. What happens is that the
-client broadcasts the request to all \fIportmap\fR daemons on its
-network; each \fIportmap\fR daemon forwards the request to a local
-daemon. As far as the \fIrwall\fR etc.  daemons know, the request comes
-from the local host.
-.SH FILES
+$B%Q%9%M!<%`$N:G8e$N9=@.MWAG(B (ntalkd) $B$@$1(B $B$,%"%/%;%9%3%s%H%m!<%k$H(B
+$B%m%0$N5-O?$N$?$a$K;HMQ$5$l$^$9!#(B
+.SH $B%P%0(B
+$B$$$/$D$+$N(B UDP ($B$H(B RPC) $B%G!<%b%s$O!"JL$N%j%/%(%9%H$,E~Ce$9$k>l9g!"(B
+$B;E;v$r=*N;$7$?8e!"$7$P$i$/$N4V5o:B$j$^$9!#(B
+.\" inger around = $BD95o$9$k!"!L5JCcE9$J$I$K!M5o:B$k(B
+.\" for a while = $B$7$P$i$/!">/$7$N4V(B
+inetd $B@_Dj%U%!%$%k$G$O!"$3$l$i$N%5!<%S%9$O(B \fIwait\fR $B%*%W%7%g%s$GEPO?$5$l$^$9!#(B
+.\" -----
+$B$=$N$h$&$J%G!<%b%s$r;O$a$?%j%/%(%9%H$@$1$,%m%0$K5-O?$5$l$^$9!#(B
+.PP
+$B%W%m%0%i%`$O(B TCP $B%*!<%P(B RPC $B%5!<%S%9$GF/$-$^$;$s!#(B
+$B$3$l$i$N%5!<%S%9$O(B inetd $B@_Dj%U%!%$%k$G(B \fIrpc/tcp\fR $B$H$7$FEPO?$5$l$^$9!#(B
+$B$3$N@)8B$K$h$C$F1F6A$5$l$kM#0l$N=EMW$J%5!<%S%9$O(B \fIrexd\fR $B$G$9!#(B
+$B$=$l$O(B \fIon(1)\fR $B$G;HMQ$5$l$^$9!#(B
+$B$3$l$OBgB;<:$G$O$"$j$^$;$s!#(B
+$B$[$H$s$I$N%7%9%F%`$K$*$$$F$O!"(B\fIrexd\fR $B$O!"(B/etc/hosts.equiv $B$NCf$N(B
+$B%o%$%k%I%+!<%I$[$I0BA4$G$O$"$j$^$;$s!#(B
+.PP
+RPC $B%V%m!<%I%-%c%9%H%j%/%(%9%H(B ($BNc$($P(B: \fIrwall$B!"(Brup$B!"(Brusers\fR) $B$O!"(B
+$B>o$K1~Ez%[%9%H$+$iMh$k$h$&$K8+$($^$9!#(B
+$B2?$,5/$3$k$+$O!"%/%i%$%"%s%H$,$=$N%M%C%H%o!<%/>e$N$9$Y$F$N(B \fIportmap\fR
+$B%G!<%b%s$X$N%j%/%(%9%H$r%V%m!<%I%-%c%9%H$9$k$3$H$G$9!#(B
+$B3F(B \fIportmap\fR $B%G!<%b%s$O%m!<%+%k%G!<%b%s$X%j%/%(%9%H$rE>Aw$7$^$9!#(B
+\fIrwall\fR $B$=$NB>$N%G!<%b%s$,CN$C$F$$$k8B$j!"(B
+$B%j%/%(%9%H$O%m!<%+%k%[%9%H$+$iMh$^$9!#(B
+.\" as far as = $B!A$NHO0O$^$G$O!"!A$K4X$9$k8B$j$O(B
+.SH $B4XO"%U%!%$%k(B
 .PP
-The default locations of the host access control tables are:
+$B%[%9%H%"%/%;%9%3%s%H%m!<%k%F!<%V%k$N%G%U%)%k%H$NG[CV$O<!$N$H$*$j$G$9!#(B
 .PP
 /etc/hosts.allow
 .br
 /etc/hosts.deny
-.SH SEE ALSO
+.SH $B4XO"9`L\(B
 .na
 .nf
-hosts_access(5), format of the tcpd access control tables.
-syslog.conf(5), format of the syslogd control file.
-inetd.conf(5), format of the inetd control file.
-.SH AUTHORS
+hosts_access(5)$B!"(Btcpd $B%"%/%;%9%3%s%H%m!<%k(B ($B@)8f(B) $B%F!<%V%k$N7A<0!#(B
+syslog.conf(5)$B!"(Bsyslogd $B@)8f%U%!%$%k$N7A<0!#(B
+inetd.conf(5)$B!"(Binetd $B@)8f%U%!%$%k$N7A<0!#(B
+.SH $B:n<T(B
 .na
 .nf
 Wietse Venema (wietse@wzv.win.tue.nl),
---- $B$3$3$^$G(B ----

--
($BM-(B)$B>.6b4]%3%s%T%e!<%?%(%s%8%K%"%j%s%0%5!<%S%9(B ($BJ!2,8)BgLn>k;T(B)
	$B>.6b4](B $B?.9,(B (Nobuyuki Koganemaru)
E-Mail: n-kogane@syd.odn.ne.jp
E-Mail: kogane@jp.FreeBSD.org
E-Mail: kogane@koganemaru.co.jp
URL: http://www.koganemaru.co.jp
