Tool-BarfreeBSD ArticlesSearch Our SiteHOMEfreeBSD LinksContribute to FreeBSD HelpFreeBSD FilesFreeBSD Script Corner

Configuring TCP Wrappers in FreeBSD

This article is a general guide to configuring TCP Wrappers on your system.

TCP Wrappers can deny access to services from certain hosts, domains or everyone, and will make a note of it in syslog.


First you need to find out the name of the service you want to block. This can usually be obtained from /etc/inetd.conf

Some common examples are:

telnet     -   telnetd
finger     -   fingerd
ftp      -   ftpd
portmapper   -   portmap

The next step is to enter the information into /etc/hosts.equiv

A sample entry to deny everyone from accessing fingerd is to add the following line:

fingerd : ALL : banners /etc/banners/reject

This will deny all hosts from connecting to fingerd, and will display a message according to the contents of the file /etc/banners/reject/fingerd in place.
(Note: you will most probably have to create this)

You can block specific hosts, or domains, with one of the following lines:

fingerd : : banners /etc/banners/reject


fingerd : : banners /etc/banners/reject

These examples will display a banner message in place of the service

To just block the host and display nothing, just use the syntax:

fingerd : : deny

That will get you started on blocking hosts using tcpwrappers!

More advanced techniques can be found in the examples in /etc/hosts.equiv

-- sparc

© 1997 - 20013 Defcon1, , Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of and the content's original author.

Tool-Bar-2Defcon1  Webmail