Skip to main content
IBM  
Shop Support Downloads
IBM Home Products Consulting Industries News About IBM
IBM developerWorks : Linux : Education - Tutorials
LPI certification 102 exam prep, Part 3
ZIPPDF (letter)PDF (A4)e-mail
Main menuSection menuFeedbackPreviousNext
3. Internet services
  


Restricting access to local users with TCP wrappers page 9 of 12


The tcpd program is configured using two files: /etc/hosts.allow and /etc/hosts.deny. These files have lines of the form:


daemon_list : client_list [ : shell_command ]

Access is granted or denied in the following order. The search stops at the first match:

  • Access is granted when a match is found in /etc/hosts.allow
  • Access is denied when a match is found in /etc/hosts.deny
  • Access is granted if nothing matches

For example, to allow telnet access only to our internal network, we start by setting policy (reject all connections with a source other than localhost) in /etc/hosts.deny:


in.telnetd: ALL EXCEPT LOCAL

Main menuSection menuFeedbackPreviousNext
Privacy Legal Contact