TCP Wrappers Release Notes

What’s in This Version
TCP Wrapper Features
The following are the features of TCP Wrappers:
TCP Wrapper Overview
The Internet Super Server, inetd, allows a single process to wait
for multiple services instead of one process for each service. Whenever a
connection is established with inetd for a service, inetd runs the
appropriate server program specified in /etc/inetd.conf and waits for
other connections.
When TCP Wrappers is used, inetd runs the wrapper program tcpd instead
of running the server program directly.
When inetd invokes tcpd for a service, tcpd reads the /etc/tcpd.conf file
and configures its runtime behaviour for the different features.
The tcpd program offers the following features to enforce access control
checks for a service:
Access Control
TCP Wrappers uses /etc/hosts.allow and /etc/hosts.deny files as
Access Control Lists (ACLs). These access control files are used to
match the client and server entries with the request for a service.
These files are based on pattern matching and can be extended with
optional extensions, such as spawning a shell command.
Each access control file consists of a set of access control rules for
different services, which use tcpd.
An access control rule is of the following form:
daemon_list:client_list:option:option:..
Where daemon_list contains the list of daemons and client_list
contains the list of clients for which this rule is applicable. Each list
is a set of items separated by a space. The options are separated by a
colon.
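The rule format above can be checked mechanically before a file is deployed. The following Python parser is an added example, not part of the original release notes or of the TCP Wrappers code. It assumes the usual hosts_access conventions that this page does not spell out ('#' comments, backslash line continuation, '\:' for a literal colon inside an option, bracketed IPv6 literals); the sample rules, addresses and paths are constructed.

```python
# Constructed sample in access control file syntax (not from the original page).
SAMPLE = """\
# comment line
telnetd ftpd : 192.0.2.0/255.255.255.0 .example.com
ftpd : ALL : spawn (/usr/bin/logger -t tcpd "ftp\\: %h") & : deny
rlogind : [2001:db8::1] : allow
bad line without separator
"""

def split_fields(line):
    """Split on ':' but not on '\\:' or on colons inside [...] (assumed IPv6 form)."""
    fields, cur, depth, i = [], [], 0, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and line[i + 1:i + 2] == ":":
            cur.append(":")          # escaped colon is kept as a literal
            i += 2
            continue
        if ch == "[":
            depth += 1
        elif ch == "]" and depth:
            depth -= 1
        if ch == ":" and depth == 0:
            fields.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur).strip())
    return fields

def parse_rules(text):
    """Return (rules, errors); each rule holds its daemons, clients and options."""
    rules, errors = [], []
    joined = text.replace("\\\n", "")    # backslash-newline continues a rule
    for n, line in enumerate(joined.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = split_fields(line)
        if len(f) < 2 or not f[0] or not f[1]:
            errors.append((n, line))     # rule lacks a daemon_list or client_list
            continue
        rules.append({"daemons": f[0].split(), "clients": f[1].split(),
                      "options": [o for o in f[2:] if o]})
    return rules, errors
```

Running parse_rules over a candidate file shows which lines lack a daemon_list or client_list and which rules carry options such as spawn that deserve review.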
The access control module reads the /etc/hosts.allow and
/etc/hosts.deny files before granting or denying access to any service.
The files are searched in the following order: