the djb way


/etc/tcprules

For the TCP/IP services installed in "the djb way", we use the path /etc/tcprules as the standard directory for tcprules data files.

Network access to services run under tcpserver may be constrained by rules provided with the -x option. The rules themselves are first defined in a special plain-text format, then compiled into a fast hash database format, called "cdb", by the tcprules utility. The "cdb" file is the argument to the tcpserver -x option when invoking the service.
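As an added illustration (not part of the original page or of ucspi-tcp), the following Python emulates the lookup order tcpserver applies to a compiled rules cdb, working directly from the plain-text source so the tcprules tool is not required. The POP3_RULES content is constructed for the example, and the $TCPREMOTEINFO (ident) lookups are left out.

```python
# Added example, not from the page: emulate tcpserver's rule lookup against a
# tcprules cdb, reading the plain-text source so no tcprules tooling is needed.
# POP3_RULES is constructed for illustration; $TCPREMOTEINFO lookups are omitted.

POP3_RULES = """\
# constructed sample pop3.rules
127.:allow
192.168.1.:allow
192.168.1.200-254:deny
=bastion.example.net:allow
:deny
"""

def parse_rules(text):
    """Return {address: (decision, env)} from tcprules source lines."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instr = line.partition(":")
        decision, _, env = instr.partition(",")
        head, _, tail = address.rpartition(".")
        if head and "-" in tail:  # range in the last component, e.g. 1.2.3.4-7
            lo, hi = tail.split("-")
            for n in range(int(lo), int(hi) + 1):
                rules[f"{head}.{n}"] = (decision, env)
        else:
            rules[address] = (decision, env)
    return rules

def lookup(rules, remote_ip, remote_host=None):
    """Try keys in tcpserver's order; the first hit wins."""
    keys = [remote_ip]
    if remote_host:
        keys.append("=" + remote_host)
    parts = remote_ip.split(".")
    for i in range(len(parts) - 1, 0, -1):  # shorter prefixes ending in a dot
        keys.append(".".join(parts[:i]) + ".")
    if remote_host:
        hparts = remote_host.split(".")
        for i in range(1, len(hparts)):  # shorter suffixes starting with a dot
            keys.append("=." + ".".join(hparts[i:]))
        keys.append("=")
    keys.append("")  # the empty address is the catch-all
    for key in keys:
        if key in rules:
            return (key, *rules[key])
    return None
```

A more specific key always beats a shorter prefix regardless of line order in the .rules file, which is why 192.168.1.210 is denied even though 192.168.1. is allowed; the empty address at the end makes the default explicit so no connection falls through unmatched.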

Within the /etc/tcprules directory, rule source files (in plain text) are identified with the filename extension ".rules". After the source files are compiled into cdb databases by the tcprules utility, they are identified with the filename extension ".cdb".

The base file name for the ".rules" and corresponding ".cdb" files is usually the standard name defined for the port that the service will listen to, usually found in the file /etc/services.

As an example, the tcprules source file for a pop3 service would be named pop3.rules:

/etc/tcprules/pop3.rules

The cdb file derived from pop3.rules by the tcprules utility would then be named pop3.cdb:

/etc/tcprules/pop3.cdb

The run script in /var/svc.d/qmail-pop3d/run would be written to look something like this (note the -x option):


#!/bin/sh
# qmail-pop3d/run
# ===
exec 2>&1
ME=`head -1 /var/qmail/control/me`
exec softlimit -m 3000000 \
  tcpserver -DHRv -l 0 -c 30 \
  -x /etc/tcprules/pop3.cdb \
  0 110 \
    qmail-popup "$ME" /bin/checkpassword qmail-pop3d ./.QMAIL.POP/
### that's all, folks!

/etc/tcprules/Makefile

For ease of administration, the /etc/tcprules directory is supported by two files: a Makefile and a supplementary script, MAKEALL.sh.

The Makefile looks like this:


# /etc/tcprules/Makefile
# build/update .cdb files for tcprules
# ===
.SUFFIXES:
.SUFFIXES: .rules .cdb

.rules.cdb:
	tcprules $@ $*.tmp < $<
	chmod 444 $@

.PHONY: all
all:
	@ /bin/sh ./MAKEALL.sh

.PHONY: clean
clean:
	rm -f *.cdb

### that's all, folks!

Usage is simple. To compile/update the cdb for the rules defined in a specific source file service.rules, just use:

# cd /etc/tcprules
# make service.cdb

Here is a specific example, using the rules defined in the source file pop3.rules:

# cd /etc/tcprules
# make pop3.cdb

The "all" target is also supported by this Makefile, using a supplementary script named MAKEALL.sh:


#!/bin/sh
# /etc/tcprules/MAKEALL.sh
# make all *.rules -> *.cdb
# ===
if RULES=`ls *.rules 2>/dev/null`; then
  CDB=`echo ${RULES} | sed 's/\.rules/.cdb/g'`
  make ${CDB}
fi
exit 0
# that's all, folks!

Note: this script does not need to be installed as executable.

Now it is simple to make sure all tcprules in the directory are up to date with make all:

# cd /etc/tcprules
# make all

Or, since "all" is the default target, just use make:

# (cd /etc/tcprules; make)

This is the best way to add/update rules, since it will ensure that all other cdb files are up to date.


Copyright © 2002, 2003, 2004, Wayne Marshall.
All rights reserved.

Last edit 2004.10.04, wcm.