See BLT.
/etc/hosts.deny: One of the two access control files for TCP Wrappers and libwrap
This and/or its companion /etc/hosts.allow are used by the TCP Wrappers utility (or by any program that's been linked against the libwrap libraries) to determine which services can be accessed by which clients (based on their host IP address, network prefix, hostname or domain).
Read the man pages: hosts.allow, hosts.deny, hosts_access and hosts_options for more details on the syntax and use of these files.
Do not confuse the use of TCP Wrappers and libwrap with the use of IP Tables, IP Chains, ''ipfwadm'' or other packet filtering functions. TCP Wrappers is run in user space, after a connection has already been established; it can close the connection or execute a program to use that connection. Packet filtering in Linux occurs in the kernel and can affect any protocol, not just TCP and UDP.
Historically the program and libraries checked both files. One was for a list of specific hosts and networks to allow, the other was then checked for a list to deny. In general system administrators use one or the other and add the ": DENY" or ": ALLOW" keywords to the ends of each line to specify their intent.
Years ago (back in about 1995) I (JimDennis) asked Wietse Venema why he didn't just combine both files and rename them to ''/etc/tcpd.conf'' --- and he offered the opinion that there were already far too many users of the package out there to change something like that now.
So, as an administrator, just pick one to edit and remember to check both.
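The lookup order behind that advice, as an added example (not from the original page or the TCP Wrappers sources): a simplified Python model of the hosts_access search, where hosts.allow is read before hosts.deny, the first matching rule decides, and no match in either file means access is granted. The sample rules, addresses and function names are constructed, the ALLOW/DENY keywords are matched case-insensitively as an assumption, and EXCEPT, wildcards other than ALL, and name lookups are not modelled.

```python
import ipaddress

# Constructed sample files (not from the page). Documentation-range addresses.
HOSTS_ALLOW = """\
sshd: 198.51.100.66 : DENY
sshd: 192.0.2.0/255.255.255.0, .example.org : ALLOW
in.telnetd: ALL
"""
HOSTS_DENY = """\
ALL: ALL
"""

def parse(text):
    """Yield (daemons, clients, option) per rule; option is ALLOW, DENY or None."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]  # IPv4 only: ':' separates fields
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        option = next((f.upper() for f in fields[2:] if f.upper() in ("ALLOW", "DENY")), None)
        yield daemons, clients, option

def client_matches(pattern, ip, host):
    if pattern.upper() == "ALL":
        return True
    if "/" in pattern:                      # net/mask, e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    if pattern.endswith("."):               # address prefix, e.g. "198.51.100."
        return ip.startswith(pattern)
    if pattern.startswith("."):             # domain suffix, e.g. ".example.org"
        return host is not None and host.lower().endswith(pattern.lower())
    return pattern in (ip, host)            # exact address or hostname

def decide(daemon, ip, host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return (verdict, deciding_file): hosts.allow first, then hosts.deny, else allow."""
    for name, text, default in (("hosts.allow", allow, "ALLOW"),
                                ("hosts.deny", deny, "DENY")):
        for daemons, clients, option in parse(text):
            if not any(d.upper() == "ALL" or d == daemon for d in daemons):
                continue
            if any(client_matches(c, ip, host) for c in clients):
                return option or default, name   # first match ends the search
    return "ALLOW", "default"                    # no match in either file

if __name__ == "__main__":
    for args in (("sshd", "192.0.2.10"), ("sshd", "203.0.113.5"), ("in.telnetd", "203.0.113.5")):
        print(args, decide(*args))
```

In the sample, the leftover in.telnetd line in hosts.allow grants access even though hosts.deny says ALL: ALL, which is why both files need checking whichever one you edit.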
Contributors
- () JimDennis - 22 Oct 2003