Linux TCP Wrappers

linux

Uploaded by

Aravind Bhombore

Linux Security With TCP Wrappers

The TCP Wrappers package is installed by default on Fedora Linux and provides host-based security separate from that provided by a firewall running on the server itself or elsewhere.

The application relies on two main files:

/etc/hosts.allow: Defines the hosts and networks allowed to connect to the server. The TCP Wrappers-enabled application searches this file for a matching entry, and if it finds one, the connection is allowed.

/etc/hosts.deny: Defines the hosts and networks prohibited from connecting to the server. If a match is found in this file, the connection is denied. No match means the connection proceeds normally.

The /etc/hosts.allow file is always read first, and both files are always read from top to bottom, so the ordering of the entries is important.

The TCP Wrappers File Format

The format of the file is as follows:

<TCP-daemon-name>: <client-list> [: <option>]

This example allows all traffic from the 192.168.1.0/24 and the 192.168.2.0/255.255.255.0 networks and SSH from only two hosts, 172.16.1.1 and 216.10.119.244. All HTTP Web traffic is allowed. All other TCP traffic to the host is denied. Notice how the subnet masks can use either the slash nomenclature or the dotted decimal 255.255.255.0 format.

#
# File: hosts.allow
#
ALL: 192.168.1.0/24 192.168.2.0/255.255.255.0
sshd: 172.16.1.1 216.10.119.244
httpd: ALL

#
# File: hosts.deny
#
ALL: ALL
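
The lookup order described above (hosts.allow first, then hosts.deny, allow when neither matches) can be checked against the example rules with the short Python model below. It is an added example, not code from the original document or from the TCP Wrappers package; it handles only ALL and IPv4 address/network patterns, and the function names, the vsftpd daemon name and the 203.0.113.9 client address are constructed for illustration.

```python
import ipaddress

# Rules copied from the hosts.allow / hosts.deny example on this page.
HOSTS_ALLOW = """
ALL: 192.168.1.0/24 192.168.2.0/255.255.255.0
sshd: 172.16.1.1 216.10.119.244
httpd: ALL
"""
HOSTS_DENY = """
ALL: ALL
"""

def parse(text):
    """Return [(daemons, clients)] in file order, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":")[:2]  # a third field (option) is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    try:
        # ip_network accepts both 192.168.1.0/24 and 192.168.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False  # hostname and other wildcard patterns are not modelled

def first_match(rules, daemon, addr):
    """True if any rule, read top to bottom, covers this daemon and client."""
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(c, addr) for c in clients)
               for daemons, clients in rules)

def decide(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match in either allows."""
    if first_match(parse(allow), daemon, addr):
        return "allow"
    if first_match(parse(deny), daemon, addr):
        return "deny"
    return "allow"
```

Calling decide("sshd", "203.0.113.9", deny="") returns "allow": without the ALL: ALL entry in hosts.deny, a client that matches nothing in hosts.allow is still let through.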
