[PLUG] Tcp wrappers
Jeff DeFouw
defouwj@purdue.edu
Mon, 27 Sep 1999 00:21:52 -0500 (EST)
On Mon, 27 Sep 1999, Josh Guffin wrote:
> Is it possible to restrict specific ports using tcpwrappers? I think I
> found something about it in the manpage for tcpd but I'm not sure...
A TCP wrapper restricts access to a service defined in /etc/services which
maps to a protocol and port. In /etc/hosts.allow and /etc/hosts.deny you
can allow and deny hosts from accessing specific services.
In hosts.deny a line:

    telnet: ALL

would deny all hosts access to the telnet service.
Or you could put "ALL: ALL" in hosts.deny (the order is allow, deny by
default) and then give specific hosts access to specific tcp wrapped
services in hosts.allow:

    telnet: .purdue.edu
    ident: ALL

which would deny everyone except telnets from hosts matching *.purdue.edu
and ident requests from any host.
For more information look at the man pages for tcpd(8) and
hosts_access(5).
These only work for services handled through tcpd as seen in
/etc/inetd.conf. Anything not handled by tcpd can be blocked by different
means with the Linux firewall utilities.
--
Jeff DeFouw <defouwj@purdue.edu>
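
The allow-then-deny evaluation described in the message above, as an added example that is not part of the original post and not tcpd's own code. It is a simplified model covering only the ALL wildcard and leading-dot domain patterns; the function names and client host names are constructed, and the service names are used as written in the message (hosts_access(5) matches this field against the daemon's process name).

```python
# Simplified model of the hosts_access(5) decision order for tcpd-wrapped
# services: hosts.allow is checked first, then hosts.deny, else access is granted.

# File contents taken from the rules quoted in the message.
HOSTS_ALLOW = "telnet: .purdue.edu\nident: ALL\n"
HOSTS_DENY = "ALL: ALL\n"


def parse(text):
    """Return a list of (daemon_patterns, client_patterns) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")  # any third field (a command) is ignored here
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def match(pattern, value):
    """ALL matches anything; '.domain' matches hosts ending in that suffix."""
    pattern, value = pattern.lower(), value.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):
        return len(value) > len(pattern) and value.endswith(pattern)
    return pattern == value


def listed(rules, daemon, host):
    return any(
        any(match(d, daemon) for d in daemons)
        and any(match(c, host) for c in clients)
        for daemons, clients in rules
    )


def decide(daemon, host, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    if listed(parse(allow_text), daemon, host):
        return "allow"  # a match in hosts.allow wins immediately
    if listed(parse(deny_text), daemon, host):
        return "deny"
    return "allow"  # no match in either file: access is granted


if __name__ == "__main__":
    for daemon, host in [("telnet", "lab1.cs.purdue.edu"),
                         ("telnet", "host.example.com"),
                         ("ident", "host.example.com")]:
        print(daemon, host, decide(daemon, host))
```

The last branch is why "ALL: ALL" in hosts.deny matters: with both files empty, every wrapped service is reachable from every host.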