> Intuitively, it seems like in hosts.allow, I'd want to use the name
> 'telnet' for the in.telnetd service, because inetd knows about it
Conceptually, though, it's tcpd, not inetd, that implements the
restrictions defined in hosts.allow and hosts.deny. "telnet" is simply
the name in /etc/services by which the service is known; it's the name
that maps it to port 23. tcpd is not aware of it.
The inetd.conf line
> telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
instructs inetd to accept incoming TCP connections on port 23 and, when it
receives them, pass them to /usr/sbin/tcpd, which is called with an
argv[0] of "in.telnetd". It's argv[0], according to the man pages for
hosts.allow and hosts.deny, that tcpd checks against when implementing
restrictions.
> But this doesn't work, nor does saying 'in.telnetd: LOCAL, .yale.edu'.
> Any suggestions?
Did you try what I suggested about complementing your hosts.allow with a
restrictive hosts.deny? If an incoming connection comes from outside
Yale, it doesn't match the ".yale.edu" and is passed through; tcpd finds
no match in hosts.allow or hosts.deny and therefore allows the connection,
which is the default.
Shawn
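The two points in the reply above, as an added example that is not part of the original message: a simplified Python model of tcpd's check, matching on the argv[0] daemon name and falling through to "allow" when neither file matches. The host names, the `ALL: ALL` deny rule, and all function names are assumptions made for illustration; real tcpd supports more pattern types and options than modelled here.

```python
# Simplified model of tcpd's access check (added example, not tcpd's code).
# Only the ALL, LOCAL, ".domain" and exact-host client patterns are modelled.

def client_matches(pattern, host):
    """Match one client pattern against a client host name."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":           # host names that contain no dot
        return "." not in host
    if pattern.startswith("."):      # domain suffix, e.g. .yale.edu
        return host.endswith(pattern)
    return pattern == host

def rule_matches(rule, daemon, host):
    """rule is one 'daemon_list : client_list' line from either file."""
    daemons, clients = (part.strip() for part in rule.split(":", 1))
    daemon_list = daemons.replace(",", " ").split()
    client_list = clients.replace(",", " ").split()
    if daemon not in daemon_list and "ALL" not in daemon_list:
        return False                 # daemon is argv[0], not the service name
    return any(client_matches(p, host) for p in client_list)

def tcpd_decision(daemon, host, allow_rules, deny_rules):
    """Check hosts.allow first, then hosts.deny, otherwise grant access."""
    if any(rule_matches(r, daemon, host) for r in allow_rules):
        return "allow"
    if any(rule_matches(r, daemon, host) for r in deny_rules):
        return "deny"
    return "allow"                   # no match in either file: default allow

# Constructed sample data (assumptions, not taken from a real system).
ALLOW = ["in.telnetd: LOCAL, .yale.edu"]
ALLOW_WRONG_NAME = ["telnet: LOCAL, .yale.edu"]   # service name, not argv[0]
DENY_EMPTY = []
DENY_ALL = ["ALL: ALL"]
INSIDE = "host.cs.yale.edu"
OUTSIDE = "host.example.com"

if __name__ == "__main__":
    for deny in (DENY_EMPTY, DENY_ALL):
        for host in (INSIDE, OUTSIDE):
            print(deny, host, tcpd_decision("in.telnetd", host, ALLOW, deny))
```

With an empty hosts.deny the outside host is allowed despite the hosts.allow rule; with the deny-all rule in place, a hosts.allow entry keyed on `telnet` also locks out the Yale host, because the daemon name never matches.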