Introduction to the tcp_wrappers firewall

First check whether the system has the tcp_wrappers package installed.

If the package query lists tcp_wrappers, the module is installed. If nothing is reported, it is probably not installed and must be added with the yum or rpm tools.
 
Limitations of the tcp_wrappers firewall
Whether a service is governed by the tcp_wrappers firewall depends on whether that service was built against the libwrap library. Only a wrapped service consults the rule files; for any other service the rules are silently ignored, which is the main limitation of this approach. On a default install, services such as sshd, portmap, sendmail, xinetd, vsftpd and tcpd (the wrapper program that inetd runs in front of on-demand services) are wrapped. The set is distribution-specific and has shrunk over time: upstream OpenSSH removed libwrap support in 6.7 and RHEL 8 no longer ships tcp_wrappers, so verify with ldd on the actual daemon binary rather than relying on a list.
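The following script is an added example (it is not code from the original article) that performs the two checks this section calls for: whether the tcp_wrappers library is present on the host, and whether a given daemon binary is dynamically linked against libwrap and will therefore honour hosts.allow and hosts.deny. The fallback to /usr/sbin for daemons not on PATH and the list of daemon names are assumptions for a typical Linux layout.

```shell
#!/bin/sh
# Added example, not from the original article: decide whether a daemon would
# honour hosts.allow / hosts.deny by checking for a dynamic link against libwrap.
# Paths and the daemon list below are assumptions for a typical Linux layout.

# wrappers_installed: 0 if the tcp_wrappers library is present on this host.
# Uses the RPM database where available, otherwise the dynamic-linker cache
# (covers Debian-style systems where the package is named differently).
wrappers_installed() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q tcp_wrappers >/dev/null 2>&1
    else
        ldconfig -p 2>/dev/null | grep -q 'libwrap\.so'
    fi
}

# uses_libwrap PATH: 0 only if PATH is an executable that links libwrap.
# A daemon that fails this check silently ignores both rule files.
uses_libwrap() {
    [ -x "$1" ] || return 1
    ldd "$1" 2>/dev/null | grep -q 'libwrap\.so'
}

# report_daemon NAME: locate NAME (PATH first, then /usr/sbin) and print status.
report_daemon() {
    p=$(command -v "$1" 2>/dev/null) || p=/usr/sbin/$1
    if uses_libwrap "$p"; then
        echo "$1: wrapped, will consult hosts.allow/hosts.deny ($p)"
    elif [ -x "$p" ]; then
        echo "$1: NOT linked with libwrap, the rule files have no effect ($p)"
    else
        echo "$1: not installed ($p)"
    fi
}

if wrappers_installed; then
    echo "tcp_wrappers library: present"
else
    echo "tcp_wrappers library: not found"
fi

# Daemons the article cites as wrapped by default; verify each on this host.
for d in sshd vsftpd sendmail xinetd portmap; do
    report_daemon "$d"
done
```

Run it as root or any user that can read the daemon binaries. Because ldd invokes the dynamic loader on the target, run it only on trusted system binaries; for a file of unknown origin, inspect the NEEDED entries with objdump -p or readelf -d instead.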
 
tcp_wrappers rule settings
The tcp_wrappers firewall is configured through two files, /etc/hosts.allow and /etc/hosts.deny, which share one line format:
service:host(s) [:action]
  • service: the daemon process name as seen by libwrap, such as sshd, vsftpd or sendmail (not a port number or an /etc/services name).
  • host(s): one or more hostnames or IP addresses, separated by commas or spaces, such as 192.168.60.78, www.cakin24.net
  • action: optional; a shell command or option applied when the line matches, for example to log the attempt. With the classic syntax, whether a matching line allows or denies is decided by which file it sits in, not by this field.
Keywords:
  • ALL: matches every service or every host.
  • ALL EXCEPT host(s): matches everything except the hosts (or services) listed after EXCEPT.
Evaluation order:
For each incoming connection to a wrapped service, libwrap reads /etc/hosts.allow first. If a line there matches the service and the client, access is granted and /etc/hosts.deny is not consulted. Otherwise /etc/hosts.deny is read; if a line there matches, access is refused. If neither file contains a matching line, access is granted: the default is permit, so an empty or missing hosts.deny restricts nothing. Within a file the search stops at the first matching line.
Example:
ALL:ALL EXCEPT 192.168.0.104 matches every service for every client except 192.168.0.104; whether that means "allow" or "deny" depends on which of the two files the line is placed in.
 
Application example
Goal: a Linux server on the LAN should accept remote SSH logins only from 192.168.0.103. Configure it as follows.
Add this rule to /etc/hosts.allow:
sshd:192.168.0.103
Add this rule to /etc/hosts.deny:
sshd:ALL
Connections from 192.168.0.103 match hosts.allow and are accepted; every other client falls through to hosts.deny, matches sshd:ALL and is refused. The files are read on each connection, so sshd does not need to be restarted. Before relying on this, confirm that the sshd binary on the server is actually linked against libwrap (an unwrapped sshd ignores both files) and test the rules with the tcpdmatch tool from the tcp_wrappers package, for example tcpdmatch sshd 192.168.0.104, which reports the decision libwrap would make. For services that are not wrapped, a packet filter such as iptables is still required.
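To make the evaluation order concrete, here is an added example (not code from the original article) that re-implements the hosts.allow / hosts.deny decision described in the rule-settings section and runs it over the SSH configuration above, plus an ALL EXCEPT rule, using constructed temporary files rather than the real /etc files. It is a deliberate subset of libwrap: it matches service names and client addresses as exact strings and understands only ALL and ALL EXCEPT; the real library also matches domain suffixes, address prefixes, net/mask pairs and further keywords.

```shell
#!/bin/sh
# Added example, not from the original article: a minimal re-implementation of
# the hosts.allow / hosts.deny decision order so the rules can be exercised
# without touching /etc on a live host.
# Assumptions: service names and client addresses are compared as exact
# strings; only the ALL and ALL EXCEPT keywords are understood.

# plain_match LIST ITEM: LIST is comma/space separated names, or ALL.
plain_match() {
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        [ "$tok" = ALL ] || [ "$tok" = "$2" ] && return 0
    done
    return 1
}

# list_match LIST ITEM: like plain_match but honours "A EXCEPT B".
list_match() {
    case "$1" in
        *" EXCEPT "*)
            plain_match "${1%% EXCEPT *}" "$2" && ! plain_match "${1#* EXCEPT }" "$2" ;;
        *)
            plain_match "$1" "$2" ;;
    esac
}

# file_match FILE SERVICE CLIENT: 0 if any rule line in FILE matches.
# A missing file is treated as empty, as libwrap does; the search stops at
# the first matching line.
file_match() {
    [ -f "$1" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                # drop comments
        case "$line" in *:*) ;; *) continue ;; esac     # skip blank/invalid lines
        daemons=$(printf '%s' "${line%%:*}" | tr -s '[:blank:]' ' ')
        rest=${line#*:}
        clients=$(printf '%s' "${rest%%:*}" | tr -s '[:blank:]' ' ')
        if list_match "$daemons" "$2" && list_match "$clients" "$3"; then
            return 0
        fi
    done < "$1"
    return 1
}

# hosts_access ALLOWFILE DENYFILE SERVICE CLIENT: prints "allow" or "deny".
hosts_access() {
    if file_match "$1" "$3" "$4"; then
        echo allow      # matched in hosts.allow: deny file is not consulted
    elif file_match "$2" "$3" "$4"; then
        echo deny       # matched in hosts.deny
    else
        echo allow      # matched nowhere: access is granted by default
    fi
}

# Constructed sample files mirroring the article's example (not /etc/hosts.*).
ALLOW=$(mktemp)
DENY=$(mktemp)
trap 'rm -f "$ALLOW" "$DENY"' EXIT
printf 'sshd: 192.168.0.103\n' > "$ALLOW"
printf '# everyone else is refused by sshd\nsshd: ALL\nvsftpd: ALL EXCEPT 192.168.0.104\n' > "$DENY"

for c in 192.168.0.103 192.168.0.104 10.0.0.9; do
    printf 'sshd   from %-14s -> %s\n' "$c" "$(hosts_access "$ALLOW" "$DENY" sshd "$c")"
    printf 'vsftpd from %-14s -> %s\n' "$c" "$(hosts_access "$ALLOW" "$DENY" vsftpd "$c")"
done
```

Note the vsftpd line: 192.168.0.104 is excluded from the deny rule and, since nothing in hosts.allow mentions it either, is let in by the default-permit fall-through, while every other client is refused. That is the behaviour to keep in mind when a deny file is left empty or is missing. On a host with the package installed, tcpdmatch gives the authoritative answer for the real /etc/hosts.allow and /etc/hosts.deny.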
