Configuring TCP Wrappers in FreeBSD
This article is a general guide to configuring TCP Wrappers on your system.
TCP Wrappers can deny access to services from certain hosts, domains or everyone, and will make a note of it in syslog.
First you need to find out the name of the service you want to block. This can usually be obtained from /etc/inetd.conf
Some common examples are:
telnet - telnetd
finger - fingerd
ftp - ftpd
portmapper - portmap
The next step is to enter the information into /etc/hosts.equiv
A sample entry to deny everyone from accessing fingerd is to add the following line:
fingerd : ALL : banners /etc/banners/reject
This will deny all hosts from connecting to fingerd, and will display a message according to the contents of the file /etc/banners/reject/fingerd in place.
(Note: you will most probably have to create this)
You can block specific hosts, or domains, with one of the following lines:
fingerd : .this.host.com : banners /etc/banners/reject
fingerd : .host.com : banners /etc/banners/reject
These examples will display a banner message in place of the service
To just block the host and display nothing, just use the syntax:
fingerd : .host.com : deny
That will get you started on blocking hosts using tcpwrappers!
More advanced techniques can be found in the examples in /etc/hosts.equiv