Option Fields - Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual

restarting the
portmap
Widely used services, such as NIS and NFS, depend on
these limitations.
2.1.4. Operators
At present, access control rules accept one operator,
daemon list and the client list of a rule.
The operator allows specific exceptions to broader matches within the same rule.
EXCEPT
In the following example from a
to all services except
cracker.example.com
ALL: .example.com EXCEPT cracker.example.com
In the another example from a
all services except for FTP:
ALL EXCEPT vsftpd: 192.168.0.
Note
Organizationally, it is often easier to avoid using
other administrators to quickly scan the appropriate files to see what hosts are
allowed or denied access to services, without having to sort through
operators.

2.2. Option Fields

In addition to basic rules allowing and denying access, the Red Hat Enterprise Linux
implementation of TCP wrappers supports extensions to the access control language through
option fields. By using option fields within hosts access rules, administrators can accomplish a
variety of tasks such as altering log behavior, consolidating access control, and launching shell
commands.
2.2.1. Logging
Option fields let administrators easily change the log facility and priority level for a rule by using
the directive.
severity
In the following example, connections to the SSH daemon from any host in the
domain are logged to the default
with a priority of
emerg
service.
hosts.allow
hosts.allow
authprivsyslog
:
to operate, so be aware of
portmap
. It can be used in both the
EXCEPT
file, all
example.com
:
file, clients from the 192.168.0.
EXCEPT
facility (because no facility value is specified)
Option Fields
hosts are allowed to connect
network can use
x
operators. This allows
EXCEPT
example.com
315