For Fedora and RHEL systems, that server
is the xinetd daemon, while in other systems (such as Debian) the inetd daemon is used. When a
service that relies on TCP wrappers is requested from the server process, the hosts.allow and
hosts.deny files are scanned and checked for an entry that matches the IP address of the connecting
machine. These checks are made when connection attempts occur:
- If the address is listed in the hosts.allow file, the connection is allowed and hosts.deny is not checked.
- If the address is in hosts.deny, the connection is denied.
- If the address is in neither file, the connection is allowed.
Keep in mind that the order in which hosts are evaluated is important. For example, you cannot deny
access to a host in the hosts.deny file that has already been given access in the hosts.allow file.
It is not necessary (or even possible) to list every single address that may try to connect to your
computer. The hosts.allow and hosts.deny files enable you to specify entire subnets and
groups of addresses. You can even use the keyword ALL to specify all possible addresses. You
can also restrict specific entries in these files so they apply only to specific network services.
Look at an example of a typical pair of hosts.