TCP wrappers
inetd is a super server that listens for connection requests on behalf
of other servers and analyzes each incoming request to forward it to
the appropriate server. This way the servers do not all need to be
running all the time; they are launched when required.
To protect the servers from malicious access, a program called TCP
wrappers was developed, which is used in conjunction with inetd.
TCP wrappers consists of a program called tcpd.
tcpd first analyzes the incoming request for access to the servers and
consults local rules to allow or block the access attempt.
These rules are kept in two files
/etc/hosts.allow
/etc/hosts.deny
hosts.allow lists the hosts that are allowed to access the servers.
hosts.deny lists the hosts that are not allowed to access the servers.
The first file consulted is hosts.allow, so if you allow a host in
hosts.allow and block it in hosts.deny, the host will be able to access
the server on your box.
It is generally recommended that you keep hosts.allow empty and define
your rules in hosts.deny.
The rules are listed in these files using the following format:
service : client
where service is the service running on your computer and client is the
remote computer that you want to allow or deny access.
So if you want to block users at 123.12.32.3 from accessing your FTP
server, you would put something like
proftpd: 123.12.32.3
in your hosts.deny file.
To reject everything, a wildcard rule of
ALL: ALL
is also supported.
For example, access to all services will be denied for a particular IP
by putting
ALL : 123.12.32.3
in your hosts.deny file.
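The lookup order described above can be checked with a small model. This is an added example, not tcpd's own code: it handles only the "service : client" form with exact IPv4 addresses and the ALL wildcard, and it also shows that a client matching neither file is granted access. The function names, the in.telnetd service name and the 10.0.0.5 address are assumptions made for illustration.

```python
# Added example: simplified model of the order in which tcpd consults its files.
# Handles only "service : client" rules with exact IPv4 addresses and ALL.

def parse_rules(text):
    """Return a list of (services, clients) tuples from hosts.allow/deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks, comments and malformed lines
        fields = [f.strip() for f in line.split(":")]
        services = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((services, clients))
    return rules


def matches(rules, service, client):
    """True if any rule names this service (or ALL) and this client (or ALL)."""
    for services, clients in rules:
        if (service in services or "ALL" in services) and \
           (client in clients or "ALL" in clients):
            return True
    return False


def check_access(allow_text, deny_text, service, client):
    """Return (granted, deciding_file): hosts.allow first, then hosts.deny."""
    if matches(parse_rules(allow_text), service, client):
        return True, "hosts.allow"
    if matches(parse_rules(deny_text), service, client):
        return False, "hosts.deny"
    return True, "default"  # no rule in either file matched


# Constructed sample files; proftpd and 123.12.32.3 are the page's values.
HOSTS_ALLOW = "proftpd : 123.12.32.3\n"
HOSTS_DENY = "# block one host everywhere\nALL : 123.12.32.3\n"
DENY_ALL = "ALL : ALL\n"

if __name__ == "__main__":
    for svc, ip in [("proftpd", "123.12.32.3"), ("in.telnetd", "123.12.32.3"),
                    ("in.telnetd", "10.0.0.5")]:
        print(svc, ip, check_access(HOSTS_ALLOW, HOSTS_DENY, svc, ip))
    print(check_access("", DENY_ALL, "in.telnetd", "10.0.0.5"))
```

The first case shows a hosts.allow entry overriding the ALL : 123.12.32.3 line in hosts.deny, which is why a stray entry in hosts.allow is worth auditing.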