The following are the limitations in this release of TCP Wrappers:
When a new request comes
in, the UDP (rpc/udp) daemons linger around for a while after servicing
the request.In the /etc/inetd.conf file, these daemons are registered
with the ‘wait’ option. The nowait option is not
supported. Only the request which started such a daemon will be
seen by the wrappers.
The wrappers do not work
with RPC services over TCP. These services are registered as rpc/tcp
in the /etc/inetd.conf file. The only non-trivial service that is
affected by this limitation is rexd, which is used by the
on(1) command.
Some RPC requests like rwall,
rup, rusers et al appear to come from the server host. The client
broadcasts its request to all portmap daemons on its network; each
portmap daemon in turn forwards the request to a daemon on its own
system. However, daemon like rwall assumes that the request is coming
from the local host.
The user name lookup feature
of TCP Wrappers uses identd to identify the username of the remote
host. By default, this feature is disabled, as identd may appear
hung when there are large number of TCP connections. To enable the
username lookup, perform the steps as described in the tcpd.conf(4)man
page.