Sunday, December 4, 2011

TCP Wrapper

TCP Wrapper filters network access to Internet services on a host: it can be used to GRANT or DENY access to individual services from the outside network or from other machines on the same network.
Note that the wrappers do not work with RPC services over TCP. Common services such as pop3, ftp, sshd, telnet and the r-services are supported by TCP Wrappers. On Linux the filtering is configured by writing simple rules into two files:
1. /etc/hosts.allow
2. /etc/hosts.deny
When a request for ssh arrives, /etc/hosts.allow is checked first for a rule matching the sshd daemon; if none matches, /etc/hosts.deny is checked for one. If neither file contains a matching rule, the connection is allowed.

Examples:

/etc/hosts.allow file

[root@dedico ~]# cat /etc/hosts.allow
#
# hosts.allow    This file contains access rules which are used to
#        allow or deny connections to network services that
#        either use the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        See 'man 5 hosts_options' and 'man 5 hosts_access'
#        for information on rule syntax.
#        See 'man tcpd' for information on tcp_wrappers
#
ALL : .example.com

telnetd : 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.79
sshd, in.tftpd : 192.168.1.10


The lines beginning with # are comments. The first rule, ALL : .example.com, lets any host in the example.com domain access all services. The next rule restricts the telnet service to hosts in the 192.168.0.0/24 segment, except for the IP address 192.168.0.79. The last rule allows sshd and in.tftpd from 192.168.1.10.

/etc/hosts.deny file

[root@dedico ~]# cat /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#        deny connections to network services that either use
#        the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        The rules in this file can also be set up in
#        /etc/hosts.allow with a 'deny' option instead.
#
#        See 'man 5 hosts_options' and 'man 5 hosts_access'
#        for information on rule syntax.
#        See 'man tcpd' for information on tcp_wrappers
#
ALL EXCEPT in.tftpd : .example.org
telnetd : ALL EXCEPT 192.168.1.10
ALL:ALL


The first rule, ALL EXCEPT in.tftpd : .example.org, denies every service except tftp to hosts in the example.org domain. The next rule denies the telnet service to all hosts except the IP address 192.168.1.10. The final ALL:ALL rule denies everything that /etc/hosts.allow has not already permitted.
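The decision order described above, applied to the post's own rule files, as an added example that is not part of the original post: a small Python model of hosts_access(5) matching (ALL, EXCEPT lists, domain suffixes like .example.com, address prefixes like 192.168., net/mask) that reports which rule decided each constructed request. It does no DNS lookups, so the client hostname is passed in explicitly, and it ignores rule options after a second colon and the KNOWN/UNKNOWN/PARANOID/LOCAL wildcards.

```python
"""Simplified model of tcp_wrappers hosts_access(5) rule evaluation.

Supported: ALL, EXCEPT lists, domain suffix (.example.com), address prefix
(192.168.), net/mask and net/prefixlen, exact hostnames and IPv4 addresses.
Not modelled: DNS lookups, KNOWN/UNKNOWN/PARANOID/LOCAL, options after a
second ':' (hosts_options(5)), IPv6.
"""
import ipaddress
from typing import Callable, List, Optional, Tuple

Rule = Tuple[str, str, str]  # (daemon_list, client_list, original line)

# Constructed copies of the two rule files from the post, comment lines dropped.
HOSTS_ALLOW = """\
ALL : .example.com
telnetd : 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.79
sshd, in.tftpd : 192.168.1.10
"""

HOSTS_DENY = """\
ALL EXCEPT in.tftpd : .example.org
telnetd : ALL EXCEPT 192.168.1.10
ALL:ALL
"""


def parse_rules(text: str) -> List[Rule]:
    """Split a hosts.allow/hosts.deny file into (daemons, clients, line) rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and surrounding space
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append((fields[0], fields[1], line))
    return rules


def client_matches(pattern: str, host: str, addr: str) -> bool:
    """Match one client pattern against the client's hostname and IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                  # .example.com: hostname suffix
        return host.endswith(pattern)
    if pattern.endswith("."):                    # 192.168.: address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                           # net/mask or net/prefixlen
        net, mask = pattern.split("/", 1)
        spec = (net, mask) if "." in mask else pattern
        return ipaddress.IPv4Address(addr) in ipaddress.IPv4Network(spec, strict=False)
    return pattern in (host, addr)               # exact hostname or address


def list_matches(spec: str, token_matches: Callable[[str], bool]) -> bool:
    """Evaluate 'a, b EXCEPT c': true if any of a, b match and c does not.
    'a EXCEPT b EXCEPT c' nests as a EXCEPT (b EXCEPT c), as in hosts_access(5)."""
    head, sep, tail = spec.partition(" EXCEPT ")
    if sep and list_matches(tail, token_matches):
        return False
    return any(token_matches(t) for t in head.replace(",", " ").split())


def rule_matches(rule: Rule, daemon: str, host: str, addr: str) -> bool:
    """A rule applies when both its daemon list and its client list match."""
    daemons, clients, _ = rule
    return (list_matches(daemons, lambda t: t in ("ALL", daemon))
            and list_matches(clients, lambda t: client_matches(t, host, addr)))


def hosts_access(daemon: str, host: str, addr: str,
                 allow: str = HOSTS_ALLOW, deny: str = HOSTS_DENY) -> Tuple[str, Optional[str]]:
    """Decide as tcpd does: first match in hosts.allow grants, otherwise first match
    in hosts.deny refuses, otherwise access is granted. Returns (decision, rule line)."""
    for rule in parse_rules(allow):
        if rule_matches(rule, daemon, host, addr):
            return "allow", rule[2]
    for rule in parse_rules(deny):
        if rule_matches(rule, daemon, host, addr):
            return "deny", rule[2]
    return "allow", None


if __name__ == "__main__":
    # Constructed client requests (daemon, hostname, address); the hostname stands
    # in for the reverse-DNS result that the real tcpd would look up itself.
    requests = [
        ("sshd", "mail.example.com", "203.0.113.5"),
        ("telnetd", "", "192.168.0.20"),
        ("telnetd", "", "192.168.0.79"),
        ("sshd", "", "192.168.1.10"),
        ("telnetd", "", "192.168.1.10"),
        ("in.tftpd", "ns.example.org", "198.51.100.7"),
    ]
    for daemon, host, addr in requests:
        decision, rule = hosts_access(daemon, host, addr)
        print(f"{daemon:9s} from {host or addr:18s} -> {decision:5s} ({rule or 'no rule, default allow'})")
```

Running it shows, for instance, that telnet from 192.168.1.10 is still refused: the EXCEPT in hosts.deny only stops that one rule from matching, after which the final ALL:ALL catches the request, so an exemption has to be written into /etc/hosts.allow rather than as an EXCEPT in /etc/hosts.deny. The tcpdmatch(8) utility shipped with tcp_wrappers performs the same kind of check against the live files.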
