The entry
199.170.177. will match any IP address that begins with that string, such as 199.170.177.25.
The client entry .linuxtoys.net will match hostnames such as jukebox.linuxtoys.net
and picframe.linuxtoys.net.
Let's examine what happens when a host named jukebox.linuxtoys.net (with IP address
199.170.179.18) connects to your Linux system using the Telnet protocol. In this case, the
Linux system is Fedora, which uses the xinetd daemon to listen for service requests associated
with TCP wrappers:
1. xinetd receives the connection request.
2. xinetd begins comparing the address and name of jukebox.linuxtoys.net to the
rules listed in /etc/hosts.allow. It starts at the top of the file and works its way down
the file until it finds a match. Both the daemon (the program handling the network service
on your Fedora box) and the connecting client's IP address or name must match the
information in the hosts.allow file. In this case, the second rule that is encountered
matches the request:
in.telnetd: 199.170.177., .linuxtoys.net
3. The jukebox host is not in the 199.170.177 subnet, but it is in the linuxtoys.net
domain. xinetd stops searching the file as soon as it finds this match.
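The walk through hosts.allow described above, as an added example (not code from the book or from TCP wrappers itself): a simplified Python model of the first-match search that covers only the two client pattern forms shown here, the trailing-dot address prefix and the leading-dot domain suffix. The first rule in the sample file is constructed, since the text quotes only the second, and the function names are hypothetical.

```python
import re

# Constructed sample hosts.allow: rule 1 is hypothetical, rule 2 is the
# rule quoted in the text.
HOSTS_ALLOW = """\
sshd: 199.170.177.
in.telnetd: 199.170.177., .linuxtoys.net
"""

def parse_rules(text):
    """Return [(daemons, clients), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        fields = line.split(":")                  # daemon_list : client_list
        if len(fields) < 2:
            continue
        daemons = [t for t in re.split(r"[,\s]+", fields[0].strip()) if t]
        clients = [t for t in re.split(r"[,\s]+", fields[1].strip()) if t]
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, ip, hostname):
    """Match one client pattern against the client's address and name."""
    if pattern.endswith("."):      # address prefix, e.g. 199.170.177.
        return ip.startswith(pattern)
    if pattern.startswith("."):    # domain suffix, e.g. .linuxtoys.net
        return hostname.lower().endswith(pattern.lower())
    return pattern == ip or pattern.lower() == hostname.lower()

def first_match(rules, daemon, ip, hostname):
    """Return the 1-based number of the first matching rule, or None."""
    for number, (daemons, clients) in enumerate(rules, start=1):
        # Both the daemon and the client must match the same rule.
        if daemon in daemons and any(
            client_matches(c, ip, hostname) for c in clients
        ):
            return number          # the search stops at the first match
    return None

if __name__ == "__main__":
    rules = parse_rules(HOSTS_ALLOW)
    # jukebox over Telnet: outside 199.170.177., inside .linuxtoys.net
    print(first_match(rules, "in.telnetd", "199.170.179.18",
                      "jukebox.linuxtoys.net"))
```

Because the suffix pattern begins with a dot, a name such as evillinuxtoys.net does not match .linuxtoys.net, and the prefix 199.170.177. does not match 199.170.17.7.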
How about if jukebox connects to your box using the CUPS-lpd protocol? In this case, it matches
none of the rules in hosts.