120


Chapter 8. TCP Wrappers and


xinetd


specifically given access to the service in


hosts.allow


are allowed to access the service. In addition,


all rules in each file take effect from the top down.


Any changes to these files take effect immediately, so restarting services is not required.


8.2.1. Formatting Rules


All access control rules are placed on lines within


hosts.allow


and


hosts.deny


, and any blank


lines or lines that start with the comment character (


#


) are ignored. Each rule needs to be on its own


line.


The rules must be formatted in the following manner:


D


daemon_list :


D


client_list [: spawn


D


shell_command


]


E


E


E


Each of these options refer to a different part of the rule:


  daemon_list


  A collection of one or more process names or special wildcards, separated by


whitespace.


  client_list


  One or more hostnames, host addresses, patterns, or wildcards, separated by


whitespace, to use when a particular process name matches a requested service.


  shell_command


  An optional component that specifies something to be done in the event a rule


is utilized.


Patterns are particularly helpful when specifying groups of clients that may or may not access a


certain service. By placing a "


.


" character at the beginning of a string, all hosts that share the end of


that string are applied to that rule. So,


.domain.com


would catch both


system1.domain.com


and


system2.domain.com


. The "


.


" character at the end of a string has the same effect, except going the


other direction. This is primarily used for IP addresses, as a rule pertaining to


192.168.0.


would


apply to the entire class C block of IP addresses. Netmask expressions can also be used as a pattern to


control access to a particular group of IP addresses. You can even use asterisks (


*


) or question marks


(


?


) to select entire groups of hostnames or IP addresses, so long as you do not use them in the same


string as the other types of patterns.


If a list of hostnames with access a service is too long or is difficult to control within


host.allow


or


hosts.deny


, you can also specify the full path to a file (such as


/etc/telnet.hosts.deny


).


This file contains hostnames, host addresses, or patterns, separated by whitespace, that you want to


allow or deny access to that service. This method also works well to share access control lists between


various services, as changes would only need to be made in one file per service.


The following wildcards may be used in the access control rules instead of using specific hosts or


groups of hosts:


  ALL


  Matches every client with a service. To allow a client access to all services, use the


ALL


in


the daemons section.


  LOCAL


  Matches any host that does not contain a "


.


" character.


  KNOWN


  Matches any host where the hostname and host address are known or where the user is


known.


  UNKNOWN


  Matches any host where the hostname or host address are unknown or where the user


is unknown.


  PARANOID


  Matches any host where the hostname does not match the host address.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved