HP-UX Reference (11i v3 07/02) - 5 Miscellaneous Topics (vol 9)
h
hosts_access(5) hosts_access(5)
Service trapping can be especially useful on network firewall systems. The typical network firewall only
provides a limited set of services to the outer world. All other services can be trapped just like the above
tftp example. The result is an excellent early-warning system.
DIAGNOSTICS
Problems are reported via
syslogd, the syslog daemon, at info, notice, warning and err lev-
els. An error is reported in the following cases:
• When a syntax error is found in a host access control rule,
• When the length of an access control rule exceeds the capacity of an internal buffer,
• When an access control rule is not terminated by a newline character,
• When the result of
%letter expansion would overflow an internal buffer,
• When a system call fails that should not.
WARNINGS
If a name server lookup times out, the host name will not be available to the access control software, even
though the host is registered.
Domain name server lookups are not case-sensitive. NIS (formerly YP) netgroup lookups are case-
sensitive.
AUTHOR
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
FILES
/etc/hosts.allow (daemon,client) pairs that are granted access.
/etc/hosts.deny (daemon,client) pairs that are denied access.
SEE ALSO
tcpd(1M) TCP/IP daemon wrapper program.
tcpdchk(1) and tcpdmatch(1) test programs.
tryfrom(1) and sffinger(1) TCP Wrapper utility programs.
202 Hewlett-Packard Company − 5 − HP-UX 11i Version 3: February 2007