HP-UX Internet Services Administrator's Guide (August 2003)

TCP Wrappers
The tcpd Features
The tcpd program provides the following features to enforce access
control checks for a service:
Access Control
Host name or Address Spoofing
Client User Name
Setting Traps
Banner Messages
Access Control
TCP Wrappers uses the files /etc/hosts.allow and /etc/hosts.deny
as Access Control Lists (ACLs). The rules in these access control files
are matched against the client and server entries of each service
request. Matching is pattern based, and the rule language can be
extended with optional extensions, such as spawning a shell command.
Each access control file consists of a set of access control rules for
different services that use tcpd.
An access control rule is of the following form:
    daemon_list:client_list:option:option:...

daemon_list   Specifies the list of daemons.
client_list   Specifies the list of clients for which the access control
              rule is applicable. Each list is a set of items separated
              by a space. A client in the client_list specifies the
              name or address of a host requesting a service.
option        Specifies a list of options. Options are separated by a
              colon.
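The following parser for the rule form above is an added example, not code from the guide or from the tcpd sources. It splits each rule into its daemon list, client list and options, and reports rules that lack a client_list. The sample rules, host names and paths are constructed, and the handling of "#" comment lines and backslash-escaped colons inside an option follows the usual TCP Wrappers file conventions, which this page does not describe.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    daemons: list   # items of daemon_list
    clients: list   # items of client_list
    options: list   # zero or more option strings

# Constructed sample rules in the daemon_list:client_list:option form.
SAMPLE = """\
# constructed sample rules, not taken from the guide
ftpd telnetd: 192.0.2.10 host1.example.com
sshd: .example.com: banners /etc/banners
fingerd: ALL: spawn (/usr/bin/logger -t tcpd "finger from %h\\: refused") &
telnetd
"""

def split_fields(line):
    """Split on ':' while keeping backslash-escaped colons inside a field."""
    return [f.replace("\\:", ":").strip() for f in re.split(r"(?<!\\):", line)]

def parse_rules(text):
    """Return (rules, errors); errors is a list of (line_number, reason)."""
    rules, errors = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        fields = split_fields(line)
        if len(fields) < 2 or not fields[0] or not fields[1]:
            errors.append((number, "rule needs daemon_list:client_list"))
            continue
        options = [f for f in fields[2:] if f]    # drop empty trailing fields
        # Items inside each list are separated by spaces, as the page states.
        rules.append(Rule(fields[0].split(), fields[1].split(), options))
    return rules, errors

if __name__ == "__main__":
    parsed, problems = parse_rules(SAMPLE)
    for rule in parsed:
        print(rule)
    for number, reason in problems:
        print(f"line {number}: {reason}")
```

Running a check like this over /etc/hosts.allow and /etc/hosts.deny before deploying them catches rules that would not name any client.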
The access control files are /etc/hosts.allow and /etc/hosts.deny. If
you do not create these files and specify in them the daemon-client
pairs to be granted or denied access, access control is disabled. The
access control module reads these files in the following order, before
granting or denying access to any service: