version 1.0.0, 2014-07-08 : Initial version
TCP wrappers
Memo about tcp wrappers.On RHEL, the tcp_wrappers is the package that provides TCP wrappers
capability.
Important
TCP wrappers looks first in
/etc/hosts.allow then in
/etc/hosts.deny. If not found in either, it allows the access. /etc/hosts.(allow|deny) files format is: daemon_list : client_list.
The client_list field could be either a hostname or an IP, or one of the
following:
-
ALL→ For all networks -
LOCAL→ For the local network -
EXCEPT→ To exclude a particular user or client -
KNOWN→ All hosts that can be resolved by the system -
UNKNOWN→ All hosts that can’t be resolved by the system -
PARANOID→ Case when the forward and reverse lookup IP address don’t match
Example: sshd : 192.168.1. EXCEPT 192.168.1.30
TCP wrappers usually log into /var/log/secure.