
8. TCP Wrappers

8.a. TCP Wrappers

This is a way of controlling access to services normally run by inetd (which Gentoo does not have), but it can also be used by xinetd and other services.

Note: The service should be executing tcpd in its server argument (in xinetd). See the chapter on xinetd for more information.

Code Listing 1.1: /etc/hosts.deny

ALL:PARANOID

Code Listing 1.2: /etc/hosts.allow

ALL: LOCAL @wheel
time: LOCAL, .gentoo.org

As you can see the format is very similar to the one in /etc/security/access.conf. Tcpd supports a specific service; it does not overlap with /etc/security/access.conf. These settings only apply to services using tcp wrappers.
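
How the two listings above combine, as an added example that is not part of the original handbook: a simplified Python model of the lookup order described in hosts_access(5) (hosts.allow first, then hosts.deny, access granted when nothing matches). The function names, the sample clients and the netgroup dictionary are assumptions made for illustration; the model shows that a client matching no rule is still granted access, so ALL:PARANOID on its own is not a default-deny policy.

```python
# Added example: simplified model of the hosts_access(5) lookup order.
# Only the pattern kinds used in the two listings are handled.
HOSTS_ALLOW = "ALL: LOCAL @wheel\ntime: LOCAL, .gentoo.org\n"   # Listing 1.2
HOSTS_DENY = "ALL:PARANOID\n"                                    # Listing 1.1

def parse(text):
    """Turn 'daemons: clients' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            daemons, clients = line.split(":")[:2]
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, client, netgroups):
    name = client["name"]          # None when the name is unknown or fails the check
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":      # host name does not match its address
        return client["paranoid"]
    if name is None:
        return pattern == client["addr"]
    if pattern == "LOCAL":         # host name contains no dot
        return "." not in name
    if pattern.startswith("@"):    # NIS netgroup (modelled as a plain dict here)
        return name in netgroups.get(pattern[1:], set())
    if pattern.startswith("."):    # domain suffix
        return name.endswith(pattern)
    return pattern in (name, client["addr"])

def table_matches(text, daemon, client, netgroups):
    return any(any(d in ("ALL", daemon) for d in daemons)
               and any(client_matches(p, client, netgroups) for p in clients)
               for daemons, clients in parse(text))

def decide(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY, netgroups=None):
    """hosts.allow is searched first, then hosts.deny; no match means access."""
    netgroups = netgroups or {}
    if table_matches(allow, daemon, client, netgroups):
        return "granted by hosts.allow"
    if table_matches(deny, daemon, client, netgroups):
        return "denied by hosts.deny"
    return "granted (no rule matched)"

# Constructed sample clients (documentation addresses, made-up host names).
LAN = {"name": "build1", "addr": "192.0.2.10", "paranoid": False}
REMOTE = {"name": "host.example.net", "addr": "198.51.100.7", "paranoid": False}
SPOOFED = {"name": None, "addr": "203.0.113.5", "paranoid": True}
```

With the page's listings, decide("sshd", REMOTE) returns "granted (no rule matched)"; passing deny="ALL: ALL\n", a stricter rule that is not in the page's listing, turns the same request into a denial.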

It is also possible to execute commands when a service is accessed (this can be used when activating relaying for dial-in users), but it is not recommended, since people tend to create more problems than they are trying to solve. For example, you could configure a script to send an e-mail every time someone hits the deny rule, but then an attacker could launch a DoS attack by repeatedly hitting the deny rule. This will create a lot of I/O and e-mails, so don't do it! Read man 5 hosts_access for more information.

Page updated April 26, 2010

Summary: Control access to services.

Kim Nielsen
Author

John P. Davis
Editor

Eric R. Stockbridge
Editor

Carl Anderson
Editor

Jorge Paulo
Editor

Sven Vermeulen
Editor

Benny Chuang
Editor

Sune Jeppesen
Editor

Tiemo Kieft
Editor

Zack Gilburd
Editor

Dan Margolis
Editor

Joshua Saddler
Editor

Copyright 2001-2014 Gentoo Foundation, Inc.