Linux security - TCP Wrappers -:

The TCP Wrappers are set of functions, a service like "nfs" for example could call, to verify whether a user is allowed to use it.

TCP Wrappers use the "/etc/hosts.allow" and "/etc/hosts.deny" files to make that decision.

TCP Wrappers use the libwrap library.

The libwrap library is linked to many services.
To know if a service uses TCP Wrappers, we could use the "ldd" command to check the linked libraries, for example:


To check if "nfs" is linked to the libwarp library.

The TCP Wrappers checks its "/etc/hosts.allow" file to see if any rule matches the request, then it checks the "/etc/hosts.deny"..

If no matching rule is found in either files, the connection is allowed.

The rules are a combination of hostnames, IP addresses, ...


The above rule allows users connecting from the "debian" machine to run "smb" and "nfs".

We could also use IP addresses instead f the hostname, or network addresses - refers to all the hosts in a network -, for example : "10.11.23.0/255.255.255.0" .

Another option is to use the "ALL" parameter which means all the clients.

Brando Sabatini and Ikbal C ©. Powered by Blogger.