3.6 TCP Wrappers

Access to servers having addresses in ‘INET’ family is controlled using TCP wrappers(6).

This system is based on two files, called tables, containing access rules. There are two tables: the allow table, stored in file ‘/etc/hosts.allow’, and the deny table, kept in file ‘/etc/hosts.deny’. The rules in each table begin with an identifier called daemon name. Access to a Smap server is controlled by two entries: a global one, with the daemon name ‘smapd’, and per-server one, with server ID (see section server id as its daemon name. The latter takes precedence over the former. For example, if you have the following in your ‘smapd.conf’:

 
server main inet://192.168.10.1

and wish this server to be accessible only to machines 192.168.10.2 and 192.168.10.3, then you would add the following line to your ‘/etc/hosts.allow’:

 
main: 192.168.10.2 192.168.10.3

and the following line to your ‘/etc/hosts.deny’:

 
main: ALL

The former allows access from these two IPs, and the latter blocks it from any other IPs.

A detailed description of TCP wrapper table format lies outside the scope of this document. Please, see (hosts_access(5))ACCESS CONTROL FILES section `ACCESS CONTROL FILES' in hosts_access(5) man page, for details.

Footnotes

(6)

This feature requires smapd to be compiled with the TCP wrappers library libwrap. It is always enabled at configure time, unless libwrap is absent, or you explicitly disable it.