|
Guide to configuring TCPWrappers
--------------------------------
This article is a general guide to configuring TCP Wrappers
on your system.
TCP Wrappers can deny access to services from certain hosts, domains
or everyone, and will make a note of it in syslog.
Configuring
-----------
First you need to find out the name of the service you want to block.
This can usually be obtained from /etc/inetd.conf
Some common examples are:
telnet - telnetd
finger - fingerd
ftp - ftpd
portmapper - portmap
The next step is to enter the information into /etc/hosts.equiv
A sample entry to deny everyone from accessing fingerd is to add the
following line:
fingerd : ALL : banners /etc/banners/reject
This will deny all hosts from connecting to fingerd, and will display
a message according to the contents of the file /etc/banners/reject/fingerd
in place.
(Note: you will most probably have to create this)
You can block specific hosts, or domains, with one of the following lines:
fingerd : .this.host.com : banners /etc/banners/reject
-or-
fingerd : .host.com : banners /etc/banners/reject
These examples will display a banner message in place of the service
To just block the host and display nothing, just use the syntax:
fingerd : .host.com : deny
That will get you started on blocking hosts using tcpwrappers!
More advanced techniques can be found in the examples in /etc/hosts.equiv
-- sparc
(jamie@jamiesdomain.co.uk )
|
