hosts_access

hosts_access – format of host access control files 

 

This manual page describes a simple access control language that is based on client (host name/address, user name), and server (process name, host name/address) patterns. Examples are given at the end. The impatient reader is encouraged to skip to the EXAMPLES section for a quick introduction.

 

The access control software consults two files. The search stops at the first match:

* Access will be granted when a (daemon,client) pair matches an entry in the /etc/hosts.allow file.
* Otherwise, access will be denied when a (daemon,client) pair matches an entry in the /etc/hosts.deny file.
* Otherwise, access will be granted.

 

WILDCARDS

The access control language supports explicit wildcards:

ALL
The universal wildcard, always matches.
LOCAL
Matches any host whose name does not contain a dot character.
UNKNOWN
Matches any user whose name is unknown, and matches any host whose name or address are unknown. This pattern should be used with care: host names may be unavailable due to temporary name server problems. A network address will be unavailable when the software cannot figure out what type of network it is talking to.
KNOWN
Matches any user whose name is known, and matches any host whose name and address are known. This pattern should be used with care: host names may be unavailable due to temporary name server problems. A network address will be unavailable when the software cannot figure out what type of network it is talking to.
PARANOID
Matches any host whose name does not match its address. When tcpd is built with -DPARANOID (default mode), it drops requests from such clients even before looking at the access control tables. Build without -DPARANOID when you want more control over such requests.
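
The search order of the two files and the host wildcards above, as an added example: a simplified Python model, not part of this manual page and not tcpd's own code. It assumes rules are given as (daemon list, client list) pairs, models only ALL, LOCAL, UNKNOWN, KNOWN and literal names or addresses, and uses constructed daemon and host names.

```python
# Simplified model of the hosts_access decision order (not tcpd's code).
# A rule is a (daemon_list, client_list) pair; host_name or address is
# None when the software could not determine it.

def client_matches(pattern, host_name, address):
    """Match one client pattern; only the explicit wildcards are modelled."""
    name_known = host_name is not None
    addr_known = address is not None
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                      # host name without a dot
        return name_known and "." not in host_name
    if pattern == "UNKNOWN":                    # name or address unknown
        return not (name_known and addr_known)
    if pattern == "KNOWN":                      # name and address known
        return name_known and addr_known
    return pattern in (host_name, address)      # literal name or address

def rule_matches(rule, daemon, host_name, address):
    daemons, clients = rule
    daemon_ok = any(d in ("ALL", daemon) for d in daemons)
    return daemon_ok and any(
        client_matches(c, host_name, address) for c in clients)

def access_granted(allow, deny, daemon, host_name, address):
    """allow/deny: rule lists standing in for hosts.allow and hosts.deny."""
    if any(rule_matches(r, daemon, host_name, address) for r in allow):
        return True                             # match in hosts.allow
    if any(rule_matches(r, daemon, host_name, address) for r in deny):
        return False                            # otherwise, match in hosts.deny
    return True                                 # no match in either file

# Constructed sample tables (hypothetical daemon and host names).
ALLOW = [(["in.ftpd"], ["LOCAL"])]
DENY = [(["ALL"], ["UNKNOWN"]), (["in.ftpd"], ["ALL"])]

if __name__ == "__main__":
    for daemon, name, addr in [
        ("in.ftpd", "printer", "10.0.0.5"),             # allowed: LOCAL
        ("in.ftpd", "host.example.org", "192.0.2.7"),   # denied: in.ftpd ALL
        ("in.telnetd", None, "192.0.2.7"),              # denied: UNKNOWN
        ("in.telnetd", "host.example.org", "192.0.2.7"),  # granted by default
    ]:
        print(daemon, name, addr, access_granted(ALLOW, DENY, daemon, name, addr))
```

The last sample request matches neither table and is granted, which is the third rule of the search order: a deny table without a catch-all entry leaves unlisted (daemon,client) pairs open.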