Advantages Of Tcp Wrappers; Tcp Wrappers Configuration Files - Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual


Chapter 17. TCP Wrappers and ...
Note
To determine if a network service binary is linked against libwrap.a, type the following command as the root user:
ldd binary-name | grep libwrap
Replace <binary-name> with the name of the network service binary.
If a prompt is returned, then the network service is not linked against libwrap.a.

1.1. Advantages of TCP Wrappers

TCP wrappers provide the following advantages over other network service control techniques:
• Transparency to both the client host and the wrapped network service — Both the connecting
client and the wrapped network service are unaware that TCP wrappers are in use.
Legitimate users are logged and connected to the requested service while connections from
banned clients fail.
• Centralized management of multiple protocols — TCP wrappers operate separately from the
network services they protect, allowing many server applications to share a common set of
configuration files for simpler management.

2. TCP Wrappers Configuration Files

To determine if a client machine is allowed to connect to a service, TCP wrappers reference the
following two files, which are commonly referred to as hosts access files:
/etc/hosts.allow
/etc/hosts.deny
When a client request is received by a TCP wrapped service, it takes the following basic steps:
1. References /etc/hosts.allow. — The TCP wrapped service sequentially parses the /etc/hosts.allow file and applies the first rule specified for that service. If it finds a matching rule, it allows the connection. If not, it moves on to the next step.
2. References /etc/hosts.deny. — The TCP wrapped service sequentially parses the /etc/hosts.deny file. If it finds a matching rule, it denies the connection. If not, access to
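The lookup order in the two steps above, modelled as an added Python example (not code from the Red Hat manual or from libwrap). It assumes the libwrap default that a client matching neither file is granted access; the rule syntax is reduced to ALL, exact names, leading-dot domain suffixes and trailing-dot address prefixes, and the daemon names, hosts and addresses are constructed samples.

```python
# Added example: simplified model of the hosts.allow -> hosts.deny lookup order.
# Modelled: "daemon_list : client_list" rules, ALL, ".domain" and "prefix." patterns.

def parse_rules(text):
    """Return [(daemons, clients)] in file order, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:  # malformed lines are ignored in this model
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, client):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # .example.com: any host in that domain
        return client.endswith(pattern)
    if pattern.endswith("."):     # 192.168.1.: any address with that prefix
        return client.startswith(pattern)
    return pattern == client

def first_match(rules, daemon, client):
    """True if some rule, scanned in file order, covers this daemon and client."""
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(p, client) for p in clients):
            return True
    return False

def check_access(daemon, client, hosts_allow, hosts_deny):
    if first_match(parse_rules(hosts_allow), daemon, client):
        return "allow"            # step 1: a hosts.allow match ends the lookup
    if first_match(parse_rules(hosts_deny), daemon, client):
        return "deny"             # step 2: a hosts.deny match refuses the client
    return "allow"                # assumption: no match in either file = granted

# Constructed sample files (not from the manual)
HOSTS_ALLOW = "# admin LAN and internal domain\nsshd : 192.168.1. .example.com\n"
HOSTS_DENY = "ALL : ALL\n"

if __name__ == "__main__":
    for d, c in [("sshd", "192.168.1.20"), ("sshd", "10.0.0.5"),
                 ("vsftpd", "192.168.1.20")]:
        print(d, c, check_access(d, c, HOSTS_ALLOW, HOSTS_DENY))
```

Because hosts.allow is consulted first, a rule there takes effect even when hosts.deny lists the same client, and with an empty hosts.deny every unmatched client gets through in this model.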
