3.6 TCP Wrappers

Access to servers having addresses in the ‘INET’ family is controlled using TCP wrappers (6).

This system is based on two files, called tables, containing access rules. There are two tables: the allow table, stored in file /etc/hosts.allow, and the deny table, kept in file /etc/hosts.deny. The rules in each table begin with an identifier called daemon name. Access to a Smap server is controlled by two entries: a global one, with the daemon name ‘smapd’, and a per-server one, with the server ID (see server id) as its daemon name. The latter takes precedence over the former. For example, if you have the following in your smapd.conf:

server main inet://192.168.10.1

and wish this server to be accessible only to machines 192.168.10.2 and 192.168.10.3, then you would add the following line to your /etc/hosts.allow:

main: 192.168.10.2 192.168.10.3

and the following line to your /etc/hosts.deny:

main: ALL

The former allows access from these two IPs, and the latter blocks it from any other IPs.
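
The evaluation order behind these two lines, shown as an added example that is not part of the smap documentation or code: hosts_access(5) consults the allow table first, then the deny table, and grants access when neither matches. The sketch models only literal addresses, the ALL wildcard and trailing-dot address prefixes; all function names are illustrative.

```python
# Simplified model of hosts_access(5) evaluation (illustrative, not libwrap):
# literal addresses, the ALL wildcard and "a.b.c." address prefixes only.
# EXCEPT, netmasks, hostnames and shell-command options are not modelled.

def parse_table(text):
    """Return a list of (daemon_list, client_list) pairs from a table."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, address):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # address prefix, e.g. "192.168.10."
        return address.startswith(pattern)
    return pattern == address

def table_matches(rules, daemon, address):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, address) for c in clients)
        for daemons, clients in rules
    )

def access(allow, deny, daemon, address):
    """Allow table first, then deny table; no match anywhere grants access."""
    if table_matches(parse_table(allow), daemon, address):
        return True
    if table_matches(parse_table(deny), daemon, address):
        return False
    return True

# The two tables from the example above.
HOSTS_ALLOW = "main: 192.168.10.2 192.168.10.3\n"
HOSTS_DENY = "main: ALL\n"

if __name__ == "__main__":
    for ip in ("192.168.10.2", "192.168.10.3", "192.168.10.4"):
        ok = access(HOSTS_ALLOW, HOSTS_DENY, "main", ip)
        print(ip, "granted" if ok else "denied")
    # Without the deny line, the allow line alone restricts nothing.
    print("no deny rule:", access(HOSTS_ALLOW, "", "main", "192.168.10.4"))
```

The last call shows why the hosts.deny entry is required: with an empty deny table, a client absent from the allow table is still granted access.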

A detailed description of the TCP wrapper table format lies outside the scope of this document. For details, see ACCESS CONTROL FILES in the hosts_access(5) man page.


Footnotes

(6)

This feature requires smapd to be compiled with the TCP wrappers library libwrap. It is always enabled at configure time, unless libwrap is absent, or you explicitly disable it.