[ Team LiB ] |
Recipe 3.9 Restricting Access by Remote Hosts (xinetd with libwrap)3.9.1 ProblemYou want only particular remote hosts to access a TCP service via xinetd , when xinetd was compiled with libwrap support. 3.9.2 SolutionControl access via /etc/hosts.allow and /etc/hosts.deny. For example, to permit Telnet connections only from 192.168.1.100 and hosts in the example.com domain, add this to /etc/hosts.allow: in.telnetd : 192.168.1.100 in.telnetd : *.example.com in.telnetd : ALL : DENY Then reset xinetd so your changes take effect. [Recipe 3.3] 3.9.3 DiscussionIf you want to consolidate your access control in /etc/hosts.allow and /etc/hosts.deny, rather than use xinetd-specific methods [Recipe 3.8], or if you prefer the hosts.allow syntax and capabilities, this technique might be for you. These files support a rich syntax for specifying hosts and networks that may, or may not, connect to your system via specific services. This works only if xinetd was compiled with libwrap support enabled. To detect this, look at the output of: $ strings /usr/sbin/xinetd | grep libwrap libwrap refused connection to %s from %s %s started with libwrap options compiled in. If you see printf-style format strings like the above, your xinetd has libwrap support. 3.9.4 See Alsoxinetd(8), hosts.allow(5). |
[ Team LiB ] |