RE: [syslog-ng]syslog-ng 1.6.4 and tcp_wrappers
In /etc/hosts.allow you need something like this listing all the permitted clients and denying anything else. syslog-ng: 172.22.2.13: allow syslog-ng: 172.18.112.3: allow syslog-ng: ALL: deny It doesn't need any inetd configuration. I don't believe it works for UDP, but I wouldn't lockout UDP syslog traffic that way anyway; better to block it at the layer beneath with ipchains/iptables/ipfilter or similar. For extra resilience where a firewall separates the syslog-ng client and server, I added some TCP Keepalive code to ensure a relatively quiet syslog-ng TCP stream is always kept alive in the face of Firewall-1/iptables idling out the connection, but it's not essential, and it may even have been included in later releases anyway. Ted
$ diff -u afinet.c-1.6.0rc3.orig afinet.c-1.6.0rc3.patched
--- afinet.c-1.6.0rc3.orig Sat Feb 28 11:42:50 2004
+++ afinet.c-1.6.0rc3.patched Sat Feb 28 11:42:50 2004
@@ -28,6 +28,8 @@
 #include "cfgfile.h"
 #include "pkt_buffer.h"
+#include <sys/socket.h>
+#include <sys/types.h>
 #include <errno.h>
 #include <string.h>
 #include <assert.h>
@@ -217,8 +219,13 @@
 CAST(afinet_source, self, c);
 struct afsocket_source_connection *conn;
 UINT32 res;
+ int socklen,sockval;
+
+ socklen=sizeof(sockval);
+ if ( ( getsockopt(client->super.fd, SOL_SOCKET, SO_TYPE, &sockval, &socklen) == 0 ) &&
+ ( sockval == SOCK_STREAM ) ) {
 #if ENABLE_TCP_WRAPPER
- {
+ {
 struct request_info req;
 request_init(&req, RQ_DAEMON, "syslog-ng", RQ_FILE, client->super.fd, 0);
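Review bot: The new SO_TYPE gate around the tcp_wrapper block fails open: when getsockopt() returns non-zero the whole `#if ENABLE_TCP_WRAPPER` branch is skipped and the connection is accepted without any hosts_access check, which is the opposite of what a wrapper-protected listener should do on an error. `socklen` is also declared `int` although getsockopt() takes a `socklen_t *`, which warns on platforms where socklen_t is unsigned. I would test the getsockopt() result on its own and reject on failure through the same close_fd/return path the deny branch already uses, and only then test for SOCK_STREAM. do_open_afinet_connection's body begins before this hunk and the hosts_access call this gate guards lies outside it.
```c
  int sockval;
  socklen_t socklen = sizeof(sockval);
  if (getsockopt(client->super.fd, SOL_SOCKET, SO_TYPE, &sockval, &socklen) < 0) {
    notice("getsockopt SO_TYPE failure during do_open_afinet_connection()");
    close_fd(&client->super, 0);
    return ST_OK | ST_GOON;
  }
  if (sockval == SOCK_STREAM) {
#if ENABLE_TCP_WRAPPER
    /* … unchanged: request_init / hosts_access check … */
```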
@@ -230,9 +237,19 @@
 close_fd(&client->super, 0);
 return ST_OK | ST_GOON;
 }
+ }
+#endif
+
+#ifdef SO_KEEPALIVE
+ sockval=1; socklen=sizeof(sockval);
+ if ( setsockopt(client->super.fd, SOL_SOCKET, SO_KEEPALIVE, &sockval, socklen) < 0 ) {
+ notice("setsockopt SO_KEEPALIVE failure during do_open_afinet_connection()");
+ } else {
+ notice("setsockopt SO_KEEPALIVE Ok in do_open_afinet_connection()");
 }
- #endif
+ }
+
 if (c->num_connections >= c->max_connections) {
 CAST(inet_address_info, inet_addr, client_addr);
@@ -250,8 +267,6 @@
 }
 return res;
 }
-
- }
 static int
@@ -488,6 +503,17 @@
 if (self->conn_fd) {
 return ST_OK | ST_GOON;
+#ifdef SO_KEEPALIVE
+ if ( (self->super.flags & 0x0003) == AFSOCKET_STREAM ) {
+ int sockval=1;
+
+ if ( setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &sockval, sizeof(sockval)) < 0 ) {
+ notice("setsockopt SO_KEEPALIVE failure during do_init_afinet_dest()");
+ } else {
+ notice("setsockopt SO_KEEPALIVE Ok in do_init_afinet_dest()");
+ }
+ }
+#endif
 } else {
 io_callout(self->cfg->backend,
$
Ted
************************************************************************************************ This E-mail message, including any attachments, is intended only for the person or entity to which it is addressed, and may contain confidential information. If you are not the intended recipient, any review, retransmission, disclosure, copying, modification or other use of this E-mail message or attachments is strictly forbidden. If you have received this E-mail message in error, please contact the author and delete the message and any attachments from your computer. You are also advised that the views and opinions expressed in this E-mail message and any attachments are the author's own, and may not reflect the views and opinions of FLEXTECH Television Limited. ************************************************************************************************
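Review bot: The unchanged context line `}` that now closes the `} else {` of the SO_KEEPALIVE block sits outside the `#ifdef SO_KEEPALIVE … #endif` guard, so on a platform without SO_KEEPALIVE that `}` plus the following added `}` close one brace level too many — as far as the collapsed hunk shows; the guarded block should own both of its braces, i.e. put the else-closing `}` in the added code above `#endif` and leave only the single `}` that closes the SOCK_STREAM test outside the guard. Separately, `notice("setsockopt SO_KEEPALIVE Ok in do_open_afinet_connection()")` fires for every accepted TCP connection, which is log noise at notice level; I would drop the else branch or demote it to a debug message. The -488 hunk has the same success-logging pattern. do_open_afinet_connection starts before this hunk.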
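Review bot: In the -488 hunk the added SO_KEEPALIVE block is placed after `return ST_OK | ST_GOON;` inside the `if (self->conn_fd)` branch, so as quoted it can never execute; the option has to be set where the socket is actually created or connected (presumably on the else path or before the early return). It also calls `setsockopt(fd, …)` while the surrounding lines only show `self->conn_fd`; unless `fd` is a local declared earlier in do_init_afinet_dest this will not compile. The mask `0x0003` compared against `AFSOCKET_STREAM` is a magic number and deserves a named constant or a comment such as `/* low two bits of flags hold the socket type */`. do_init_afinet_dest starts and ends outside the hunk.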