Red Hat ENTERPRISE LINUX 3 Reference Manual page 261
Chapter 16. TCP Wrappers and xinetd                                                          243

IP address ending with a period (.) — Placing a period at the end of an IP address matches all hosts sharing the initial numeric groups of an IP address. The following example applies to any host within the 192.168.x.x network:

ALL : 192.168.

IP address/netmask pair — Netmask expressions can also be used as a pattern to control access to a particular group of IP addresses. The following example applies to any host with an address of 192.168.0.0 through 192.168.1.255:

ALL : 192.168.0.0/255.255.254.0

Important
When working in the IPv4 address space, address/prefix length (prefixlen) pair declarations such as 192.168.0.0/23 are not supported; IPv4 rules must use a dotted netmask as shown above. Only IPv6 rules can use the prefixlen format.

[IPv6 address]/prefixlen pair — [net]/prefixlen pairs can also be used as a pattern to control access to a particular group of IPv6 addresses. The following example would apply to any host with an address of 3ffe:505:2:1:: through 3ffe:505:2:1:ffff:ffff:ffff:ffff:

ALL : [3ffe:505:2:1::]/64

The asterisk (*) — Asterisks can be used to match entire groups of hostnames or IP addresses, as long as they are not mixed in a client list containing other types of patterns. The following example would apply to any host within the example.com domain:

ALL : *.example.com

The slash (/) — If a client list begins with a slash, it is treated as a file name. This is useful if rules specifying large numbers of hosts are necessary. The following example refers TCP wrappers to the /etc/telnet.hosts file for all Telnet connections:

in.telnetd : /etc/telnet.hosts

Other, lesser used patterns are also accepted by TCP wrappers. Refer to the hosts_access man 5 page for more information.

Warning
Be very careful when using hostnames and domain names. A pattern such as *.example.com is compared against the name obtained by reverse lookup of the client's address, so the decision rests on DNS data that the client's network operator may control, and attackers can use a variety of tricks to circumvent accurate name resolution. In addition, disruption in DNS service prevents even authorized users from using network services.

It is, therefore, best to use IP addresses whenever possible.

16.2.1.3. Portmap and TCP Wrappers

When creating access control rules for portmap, do not use hostnames, as portmap's implementation of TCP wrappers does not support host lookups. For this reason, use only IP addresses or the keyword ALL when specifying hosts for portmap in hosts.allow or hosts.deny.

In addition, changes to portmap access control rules may not take effect immediately without restarting the portmap service.

Widely used services, such as NIS and NFS, depend on portmap to operate, so be aware of these limitations.
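As an added example (not code from the Red Hat manual or from the tcp_wrappers library), the following Python matcher models the client patterns listed in the section above and the order in which TCP wrappers evaluates them (hosts.allow first, then hosts.deny, with no match in either meaning the connection is allowed). It also reproduces the failure mode the Warning describes: a client whose reverse lookup fails can no longer match a hostname pattern and is shut out. The daemon names other than in.telnetd, the client addresses, the rule files and the temporary stand-in for /etc/telnet.hosts are all constructed for the demonstration; name resolution is replaced by a client_name argument rather than performed, and the ValueError raised for an IPv4 /prefixlen rule mirrors the Important note rather than the way tcp_wrappers itself reports that error.

```python
"""Added matcher for the hosts_access(5) client patterns listed above; not code
from the manual or from tcp_wrappers. Models only the forms the section shows
(trailing period, IPv4 address/netmask, [IPv6]/prefixlen, wildcards, /file
lists, ALL) and the hosts.allow-then-hosts.deny evaluation order. The client's
resolved hostname is passed in instead of being looked up."""
import fnmatch
import ipaddress
import os
import tempfile


def match_client(pattern, client_ip, client_name=None):
    """True if a single client pattern matches the connecting client."""
    pattern = pattern.strip()
    if pattern == "ALL":
        return True
    if pattern.startswith("/"):
        # Leading slash: the file holds further patterns, any number per line.
        with open(pattern) as fh:
            for line in fh:
                words = line.split("#", 1)[0].split()
                if any(match_client(w, client_ip, client_name) for w in words):
                    return True
        return False
    ip = ipaddress.ip_address(client_ip)
    if pattern.startswith("["):
        # [net]/prefixlen: the only prefix-length form allowed, and only for IPv6.
        net, _, plen = pattern[1:].partition("]/")
        return ip.version == 6 and ip in ipaddress.IPv6Network(f"{net}/{plen}", strict=False)
    if "*" in pattern or "?" in pattern:
        # Shell-style wildcard tried against the address and the resolved name;
        # an unresolved client can never match *.example.com.
        names = [client_ip] + ([client_name] if client_name else [])
        return any(fnmatch.fnmatchcase(n.lower(), pattern.lower()) for n in names)
    if "/" in pattern:
        addr, _, mask = pattern.partition("/")
        if mask.isdigit():
            # Mirrors the Important note: IPv4 rules must use a dotted netmask.
            raise ValueError(f"IPv4 address/prefixlen is not supported: {pattern!r}")
        return ip.version == 4 and ip in ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    if pattern.endswith("."):
        # Trailing period: match the leading numeric groups of a dotted-quad address.
        return ip.version == 4 and client_ip.startswith(pattern)
    return ip == ipaddress.ip_address(pattern)


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; '#' comments and blanks are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            daemons, _, clients = line.partition(":")
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules


def rules_match(rules, daemon, client_ip, client_name=None):
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and \
                any(match_client(c, client_ip, client_name) for c in clients):
            return True
    return False


def check_access(allow_text, deny_text, daemon, client_ip, client_name=None):
    """hosts.allow is consulted first, then hosts.deny; no match in either means allow."""
    if rules_match(parse_rules(allow_text), daemon, client_ip, client_name):
        return "allow"
    if rules_match(parse_rules(deny_text), daemon, client_ip, client_name):
        return "deny"
    return "allow"


def demo():
    """Run constructed rule files against one client per pattern kind; return the decisions."""
    with tempfile.NamedTemporaryFile("w", suffix=".hosts", delete=False) as fh:
        fh.write("10.0.0.5\n10.0.0.6   # constructed stand-in for /etc/telnet.hosts\n")
        telnet_hosts = fh.name
    allow = f"""
        # constructed hosts.allow: one rule per pattern type; daemon names are illustrative
        sshd       : 192.168.
        vsftpd     : 192.168.0.0/255.255.254.0
        imapd      : [3ffe:505:2:1::]/64
        httpd      : *.example.com
        in.telnetd : {telnet_hosts}
    """
    deny = "ALL : ALL\n"  # constructed hosts.deny: refuse whatever hosts.allow did not admit
    cases = [("sshd", "192.168.77.3", None),
             ("vsftpd", "192.168.1.255", None),
             ("vsftpd", "192.168.2.1", None),
             ("imapd", "3ffe:505:2:1:ffff:ffff:ffff:ffff", None),
             ("imapd", "3ffe:505:2:2::1", None),
             ("httpd", "203.0.113.9", "host.example.com"),
             ("httpd", "203.0.113.9", None),  # reverse lookup failed: legitimate client shut out
             ("in.telnetd", "10.0.0.6", None),
             ("in.telnetd", "10.0.0.7", None)]
    try:
        return {f"{d} from {ip}" + (f" ({name})" if name else ""):
                check_access(allow, deny, d, ip, name) for d, ip, name in cases}
    finally:
        os.unlink(telnet_hosts)


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{decision:5}  {case}")
```

Running the script prints one decision per constructed client. The two httpd cases show why the Warning favours addresses over names: the same client is admitted when its reverse lookup yields host.example.com and refused when resolution fails, even though nothing about the client changed. The real tcp_wrappers library performs the lookups itself and applies further checks the manual page describes; this matcher is only a model of the pattern syntax.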