TCP Wrappers
UnixWare provides an implementation of "TCP Wrappers"
which has been compiled from source code written by Wietse Venema
(wietse@wzv.win.tue.nl).
This facility allows you to control access by
hosts to service daemons that are started by inetd, such as
in.tftpd, in.rlogind, in.telnetd,
and in.rexecd.
NOTE:
You can use TCP Wrappers instead of packet filters
or in addition to them.
The principle by which the wrappers operate is simple:
- inetd(1Mtcp) receives a request for a service from a client host.
- Using an appropriately modified entry in the inetd.conf(4tcp) configuration file, inetd invokes the wrapper daemon, in.tcpd(1Mtcp), instead of starting the daemon for the service being requested.
- in.tcpd consults the lists of rules in the files /etc/inet/hosts.allow and /etc/inet/hosts.deny.
- If the host is explicitly allowed access to a service in hosts.allow, in.tcpd immediately invokes the service daemon. Otherwise, if the host is not explicitly denied access to the service in hosts.deny, it is implicitly allowed and in.tcpd invokes the service daemon.
By default, many service daemons are configured to be started via
in.tcpd. You can immediately control host access to services
by adding appropriate entries to the hosts.allow and
hosts.deny files.
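The decision order above leaves any host that matches neither file implicitly allowed. The following added example (not part of the original page and not in.tcpd's own code) models that order so the effect of a catch-all hosts.deny entry can be checked. It assumes the standard TCP Wrappers rule syntax `daemon_list : client_list` with only a subset of its patterns; all host names and addresses are constructed.

```python
# Simplified model of the in.tcpd decision order (added example, not in.tcpd's code).
# Only three client patterns are modelled: ALL, ".domain" suffix, "a.b.c." prefix.

def parse_rules(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]    # ignore any third field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, name, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                   # host name suffix
        return name.endswith(pattern)
    if pattern.endswith("."):                     # address prefix
        return addr.startswith(pattern)
    return pattern in (name, addr)                # exact name or address

def listed(rules, daemon, name, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, name, addr) for p in clients)
               for daemons, clients in rules)

def decide(allow, deny, daemon, name, addr):
    if listed(allow, daemon, name, addr):
        return "allow (hosts.allow)"
    if listed(deny, daemon, name, addr):
        return "deny (hosts.deny)"
    return "allow (implicit)"                     # no rule matched in either file

# Constructed sample rules and clients (documentation address ranges).
ALLOW = parse_rules("in.telnetd: .example.com\nin.tftpd: 192.0.2.\n")
DENY_PARTIAL = parse_rules("in.telnetd: 198.51.100.\n")
DENY_CLOSED = parse_rules("ALL: ALL\n")

if __name__ == "__main__":
    client = ("in.rlogind", "host.example.net", "203.0.113.5")
    print(decide(ALLOW, DENY_PARTIAL, *client))   # unlisted host falls through
    print(decide(ALLOW, DENY_CLOSED, *client))    # catch-all deny closes the gap
```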
© 1999 The Santa Cruz Operation, Inc. All rights reserved.
UnixWare 7 Release 7.1.1 - 5 November 1999