CentOS 5
Sponsored Link

Access Control by TCP Wrapper
2010/05/05
  This is the example for Access Control by TCP Wrapper.

[1] TCP Wrapper is installed by default on many environment, but if it's not installed on your server, Install first.
[root@rx7 ~]#
yum -y install tcp_wrappers
[2] Make sure if a service can be under the TCP Wrapper control or not with following command. If it includes a link to 'libwrap', it's possible.
[root@rx7 ~]#
ldd /usr/sbin/sshd | grep wrap

    libwrap.so.0 => /lib64/libwrap.so.0 (0x00002b3ff55bd000)
# this service can be under TCP Wrapper control because it includes 'libwrap'
[3] Access control by TCP Wrapper is done with '/etc/hosts.allow' and '/etc/hosts.deny'.
the example below shows to set access control which allow to access from 192.168.0.0/24.
[root@rx7 ~]#
vi /etc/hosts.deny


sshd: ALL


[root@rx7 ~]#
vi /etc/hosts.allow


sshd: 192.168.0.
[4] The case to allow the access to vsftpd from 'host.example.com'
[root@rx7 ~]#
vi /etc/hosts.deny


vsftpd: ALL


[root@rx7 ~]#
vi /etc/hosts.allow


vsftpd: host.example.com
[5] Allow access to all services that can be under TCP Wrapper control from 'example.com' and '192.168.1.0/24'
[root@rx7 ~]#
vi /etc/hosts.deny


ALL: ALL


[root@rx7 ~]#
vi /etc/hosts.allow


ALL: .example.com 192.168.1.
Matched Content
 
Tweet