Debian 7.0
Sponsored Link

Access Control by TCP Wrapper
20131/06/05
 
This is the example for Access Control by TCP Wrapper.
[1] Install TCP Wrapper
root@dlp:~#
aptitude -y install tcpd
[2] Make sure if a service can be under the TCP Wrapper control or not with the following command. If it includes a link to 'libwrap', it's possible.
root@dlp:~#
ldd /usr/sbin/sshd | grep wrap

    libwrap.so.0 => /lib/x86_64-linux-gnu/libwrap.so.0 (0x00007f52c7576000)
# this service can be under TCP Wrapper control because it includes 'libwrap'
[3] Access control by TCP Wrapper is done with '/etc/hosts.allow' and '/etc/hosts.deny'.
The example below shows to set access control which allow to access to sshd from 10.0.0.0/24.
root@dlp:~#
vi /etc/hosts.deny
sshd: ALL
root@dlp:~#
vi /etc/hosts.allow
sshd: 10.0.0.
[4] For the case to allow the access to vsftpd from 'host.example.domain'.
root@dlp:~#
vi /etc/hosts.deny
vsftpd: ALL
root@dlp:~#
vi /etc/hosts.allow
vsftpd: host.example.domain
[5] For the case to allow access to all services that can be under TCP Wrapper control only from 'example.domain' and '10.0.1.0/24'.
root@dlp:~#
vi /etc/hosts.deny
ALL: ALL
root@dlp:~#
vi /etc/hosts.allow
ALL: .example.domain 10.0.1.
 
Tweet