This is a way of controlling access to services that are normally run by inetd (which Gentoo does not have), but it can also be used with xinetd and other services.
Note: The service should be executing tcpd in its server argument (in xinetd). See the chapter on xinetd for more information.
Code Listing 1.1: /etc/hosts.deny
ALL:PARANOID |
Code Listing 1.2: /etc/hosts.allow
ALL: LOCAL @wheel
time: LOCAL, .gentoo.org
As you can see, the format is very similar to the one in /etc/login.access. Tcpd works per service, so its settings do not overlap with those in /etc/login.access. These settings only apply to services using tcp wrappers.
It is also possible to execute commands when a service is accessed (this can be used when activating relaying for dial-in users), but it is not recommended, since people tend to create more problems than they are trying to solve. An example could be that you configure a script to send an e-mail every time someone hits the deny rule, but then an attacker could launch a DoS attack by repeatedly hitting the deny rule. This will create a lot of I/O and e-mails, so don't do it! Read man 5 hosts_access for more information.
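To make the two listings above concrete, here is an added example (not Gentoo's documentation code and not the tcp-wrappers library itself): a small Python model of the hosts_access(5) decision order that lets you evaluate the /etc/hosts.deny and /etc/hosts.allow entries above against sample clients. The netgroup table, the Client flags, and all host names and addresses are constructed for the example (real tcpd resolves @netgroup via NIS and does its own DNS checks); a `spawn`/`twist` command field is only recorded, never run. The example goes one step beyond the page by also evaluating a stricter `ALL: ALL` hosts.deny, which shows why the page's hosts.deny, containing only PARANOID, still lets every non-matching client in.

```python
"""Added example: simplified model of tcpd's /etc/hosts.allow and /etc/hosts.deny
evaluation (hosts_access(5)).  Not the tcp-wrappers library; only the common
wildcards are modelled and netgroups come from a constructed table, not NIS."""
from dataclasses import dataclass
from typing import Optional

# The two files from the listings above.
HOSTS_DENY = "ALL: PARANOID\n"
HOSTS_ALLOW = "ALL: LOCAL @wheel\ntime: LOCAL, .gentoo.org\n"
# A stricter hosts.deny (not on the page): refuse everything hosts.allow did not grant.
STRICT_DENY = "ALL: ALL\n"

# Constructed netgroup table standing in for NIS (assumption for this example).
NETGROUPS = {"wheel": {"admin1.example.org"}}


@dataclass
class Client:
    address: str
    hostname: Optional[str] = None  # None: reverse DNS lookup failed (UNKNOWN)
    paranoid: bool = False  # True: forward lookup of the name did not give the address


def parse_access_file(text):
    """Return [(daemon_list, client_list, shell_command)] for a hosts_access(5) file.
    Blank lines and lines starting with '#' are ignored; backslash-newline joins lines."""
    entries, pending = [], ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            pending += raw[:-1]
            continue
        line, pending = (pending + raw).strip(), ""
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError("malformed entry: %r" % line)
        command = ":".join(fields[2:]) or None  # recorded here, never executed
        entries.append((fields[0], fields[1], command))
    return entries


def _tokens(field):
    """List items are separated by blanks and/or commas."""
    return field.replace(",", " ").split()


def _match_list(tokens, item_matches):
    """'list_1 EXCEPT list_2' matches list_1 unless list_2 matches; EXCEPT groups to the right."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _match_list(tokens[:i], item_matches) and not _match_list(tokens[i + 1:], item_matches)
    return any(item_matches(tok) for tok in tokens)


def _daemon_matches(tok, daemon):
    return tok == "ALL" or tok == daemon


def _client_matches(tok, c):
    # A forward/reverse mismatch makes the name unusable for name-based patterns.
    known = c.hostname is not None and not c.paranoid
    if tok == "ALL":
        return True
    if tok == "LOCAL":  # name known and without a dot
        return known and "." not in c.hostname
    if tok == "KNOWN":
        return known
    if tok == "UNKNOWN":
        return not known
    if tok == "PARANOID":  # forward and reverse DNS disagree
        return c.paranoid
    if tok.startswith("@"):  # netgroup (NIS in real tcpd; constructed table here)
        return known and c.hostname in NETGROUPS.get(tok[1:], set())
    for s in [c.address] + ([c.hostname] if known else []):
        if tok.startswith("."):  # domain suffix, e.g. .gentoo.org
            if len(s) > len(tok) and s.endswith(tok):
                return True
        elif tok.endswith("."):  # address prefix, e.g. 192.168.1.
            if s.startswith(tok):
                return True
        elif tok == s:
            return True
    return False


def _entry_matches(daemon_list, client_list, daemon, client):
    return (_match_list(_tokens(daemon_list), lambda t: _daemon_matches(t, daemon))
            and _match_list(_tokens(client_list), lambda t: _client_matches(t, client)))


def hosts_access(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access(5) order: a match in hosts.allow grants, otherwise a match in
    hosts.deny refuses, otherwise access is granted.  The default is permissive."""
    for dl, cl, _cmd in parse_access_file(allow):
        if _entry_matches(dl, cl, daemon, client):
            return True
    for dl, cl, _cmd in parse_access_file(deny):
        if _entry_matches(dl, cl, daemon, client):
            return False
    return True


if __name__ == "__main__":
    for daemon, client in [("sshd", Client("10.0.0.5", "fileserver")),
                           ("sshd", Client("203.0.113.7", "evil", paranoid=True)),
                           ("sshd", Client("203.0.113.8", "ftp.example.net")),
                           ("time", Client("198.51.100.2", "mirror.gentoo.org"))]:
        print(daemon, client.address, "page files:", hosts_access(daemon, client),
              "with ALL: ALL deny:", hosts_access(daemon, client, deny=STRICT_DENY))
```

Running the script shows that with the page's two files only the PARANOID client is refused; the host ftp.example.net is let in for sshd purely because nothing matched. With `ALL: ALL` in hosts.deny, only what hosts.allow explicitly grants (local hosts, the wheel netgroup, and .gentoo.org for the time service) gets through, which is the behaviour most administrators actually expect from these files.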