Secure TCP Wrapper
TCP Wrapper bases its access list on rules that can be placed in the following two files:
- /etc/hosts.allow
- /etc/hosts.deny
The syntax of /etc/hosts.allow and /etc/hosts.deny is the same and is defined as follows:
daemon : client [:option1:option2:...]
For example, to allow SSH from a specific IP (and/or a range of IPs) and deny access to all other IPs, put the following in /etc/hosts.allow:
sshd : 111.111., 222.222.222.222
The trailing dot in 111.111. makes the pattern match every address that begins with 111.111, which is how a range is written.
Then put this in /etc/hosts.deny:
sshd : ALL
As a reminder, there are some rules you have to respect:
- You can have only one rule per service in the hosts.allow and hosts.deny files.
- Any change to the hosts.allow and hosts.deny files takes effect immediately.
- The last line in hosts.allow and hosts.deny must end with a newline character, or else the rule will fail.
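Because changes take effect immediately, it helps to check a rules file against the first and third reminders before saving it over the live one. The shell function below is an added example, not part of the original page; the name lint_wrapper_file is hypothetical, and it assumes one rule per line (no backslash continuations).

```shell
#!/bin/sh
# Added example: lint_wrapper_file is a hypothetical helper, not a standard tool.
# Checks a TCP wrapper rules file for a missing final newline and for more
# than one rule naming the same daemon. Assumes one rule per line.
# Returns 0 if clean, 1 if something was found, 2 if the file is unreadable.
lint_wrapper_file() {
    file=$1
    status=0
    if [ ! -r "$file" ]; then
        echo "$file: not readable"
        return 2
    fi

    # $(...) strips a trailing newline, so any output left here means the
    # last byte of the file is something other than a newline.
    if [ -n "$(tail -c 1 "$file")" ]; then
        echo "$file: last line does not end with a newline"
        status=1
    fi

    dups=$(awk -F: -v f="$file" '
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        NF < 2         { next }      # no "daemon : client" separator
        {
            n = split($1, names, /[ \t,]+/)   # daemon field may list several
            for (i = 1; i <= n; i++) {
                d = names[i]
                if (d == "") continue
                if (d in seen)
                    printf "%s: line %d: second rule for %s (first on line %d)\n", f, NR, d, seen[d]
                else
                    seen[d] = NR
            }
        }' < "$file")
    if [ -n "$dups" ]; then
        echo "$dups"
        status=1
    fi
    return "$status"
}

# Lint every file given on the command line, e.g. /etc/hosts.allow /etc/hosts.deny
for f in "$@"; do
    lint_wrapper_file "$f" || true
done
```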