Linux 101 : TCP wrappers
The TCP Wrappers are set of functions, a service like "nfs" for example could call, to verify whether a user is allowed to use it.
TCP Wrappers use the "/etc/hosts.allow" and "/etc/hosts.deny" files to make that decision.
TCP Wrappers use the libwrap library.
The libwrap library is linked to many services.
To know if a service uses TCP Wrappers, we could use the "ldd" command to check the linked libraries, for example:
The TCP Wrappers checks its "/etc/hosts.allow" file to see if any rule matches the request, then it checks the "/etc/hosts.deny"..
If no matching rule is found in either files, the connection is allowed.
The rules are a combination of hostnames, IP addresses, ...
We could also use IP addresses instead f the hostname, or network addresses - refers to all the hosts in a network -, for example : "10.11.23.0/255.255.255.0" .
Another option is to use the "ALL" parameter which means all the clients.
Comments