hosts_access.5 (2010 09)
h
hosts_access(5) hosts_access(5)
WARNING: Do not set traps on your
finger daemon, unless you are prepared for infinite finger
loops.
Service trapping can be especially useful on network firewall systems. The typical network firewall only
provides a limited set of services to the outer world. All other services can be trapped just like the above
tftp example. The result is an excellent early-warning system.
DIAGNOSTICS
Problems are reported via
syslogd, the syslog daemon, at info, notice, warning and err
lev-
els. An error is reported in the following cases:
• When a syntax error is found in a host access control rule,
• When the length of an access control rule exceeds the capacity of an internal buffer,
• When an access control rule is not terminated by a newline character,
• When the result of
%letter expansion would overflow an internal buffer,
• When a system call fails that should not.
WARNINGS
If a name server lookup times out, the host name will not be available to the access control software, even
though the host is registered.
Domain name server lookups are not case-sensitive. NIS (formerly YP) netgroup lookups are case-
sensitive.
AUTHOR
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
FILES
/etc/hosts.allow (daemon,client) pairs that are granted access.
/etc/hosts.deny (daemon,client) pairs that are denied access.
SEE ALSO
tcpd (1M) TCP/IP daemon wrapper program.
tcpdchk (1) and tcpdmatch (1) test programs.
tryfrom (1) and sffinger(1) TCP Wrapper utility programs.
HP-UX 11i Version 3: September 2010 − 5 − Hewlett-Packard Company 5