tcpd.conf(4) tcpd.conf(4)
NAME
tcpd.conf - configuration file for tcpd
DESCRIPTION
When inetd invokes tcpd for a service, it will read /etc/tcpd.conf and
perform access control checks (see tcpd(1M)).
Each line in the file is treated either as a comment or as
configuration information. Commented lines begin with #. Uncommented
lines contain two required fields, key and value. The fields are
separated by tabs and/or spaces. A line can be continued if it
terminates with a backslash (\).
The following are the configuration parameters:
rfc931_timeout n
The RFC931 username lookup can be enabled or disabled through
this parameter. Value for n specifies the time-out value (in
seconds), to be used while getting the username information from
the client.
A value of zero for n disables the rfc931 feature.
By default, n is 0, which disables the rfc931 feature.
The maximum value to which n can be set is 30 seconds.
on_reverselookup_fail {allow | deny}
This parameter determines whether tcpd should allow or deny the
connection request on reverse lookup failure.
In both cases, tcpd will log the event of reverse lookup
failure, but in the deny case, it will reject the connection
request just after reverse lookup failure. In the allow case,
the hostname can be matched with the PARANOID wildcard (see
hosts_options(5)) in access control files (/etc/hosts.allow and
/etc/hosts.deny).
The default value for this is deny.
log_level {normal | extended}
This parameter determines the level at which tcpd logs
information using syslog. A value of extended causes the TCP
Wrappers daemon (see tcpd(1M)) to log ACL information, such as
the entry that the client request matched and that entry's
related options.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
The default value for this entry is normal, in which case tcpd
will only log the connection details about refusal or acceptance
of the connection in the form of `connection from abc@xyz_host'.
Processing Invalid and Multiple Entries
tcpd processes invalid and multiple entries in the following ways:
+ An invalid entry for a configuration parameter is ignored.
  Instead, the default value for the configuration parameter will be
  used. For example, the following invalid entry for log_level will
  be replaced by the use of normal.
      log_level abcd
  will be treated as:
      log_level normal
+ If multiple entries for a configuration parameter are specified,
  only the last occurring entry is processed and the rest are
  ignored. For example, in the following two entries for
  rfc931_timeout, the last value of 25 is used for that parameter.
      rfc931_timeout 10
      rfc931_timeout 25
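The file format and the precedence rules above, as an added example (not part of the original manual page and not HP code): a Python audit that computes the settings tcpd would end up with and lists entries that are overridden or silently fall back to a default. The names valid, logical_lines, audit and the sample file are hypothetical and constructed; treating a timeout above 30, extra fields, or an unknown parameter name as invalid, and an invalid last entry as a reset to the default, are assumptions about cases the page does not spell out.

```python
DEFAULTS = {"rfc931_timeout": "0", "on_reverselookup_fail": "deny", "log_level": "normal"}
ALLOWED = {"on_reverselookup_fail": ("allow", "deny"), "log_level": ("normal", "extended")}

def valid(key, value):
    if key != "rfc931_timeout":
        return value in ALLOWED[key]
    # Assumption: values outside 0..30 are handled as invalid entries.
    return value.isascii() and value.isdigit() and int(value) <= 30

def logical_lines(text):
    """Join backslash-continued lines; yield (first line number, text)."""
    buf, start = "", 0
    # The trailing "" flushes a continuation left open on the last line.
    for no, raw in enumerate(text.splitlines() + [""], 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", 0

def audit(text):
    """Return (effective settings, findings) for the file contents."""
    effective, seen, findings = dict(DEFAULTS), {}, []
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split()
        if key not in DEFAULTS:
            findings.append(f"line {no}: unknown parameter {key!r}")
            continue
        if key in seen:
            findings.append(f"line {no}: {key} overrides line {seen[key]}")
        seen[key] = no
        # Assumption: an invalid last entry resets the key to its default.
        ok = len(rest) == 1 and valid(key, rest[0])
        effective[key] = rest[0] if ok else DEFAULTS[key]
        if not ok:
            findings.append(f"line {no}: invalid {key}, default applies")
    if effective["on_reverselookup_fail"] == "allow":
        findings.append("failed reverse lookups reach the ACLs (PARANOID)")
    return effective, findings

SAMPLE = r"""# constructed sample, not from a real host
rfc931_timeout 10
log_level extended
on_reverselookup_fail \
    allow
rfc931_timeout 25
log_level abcd
"""
```

On the sample, the mistyped log_level on the last line discards the earlier extended setting, so the audit reports normal logging even though extended appears in the file.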
EXAMPLES
To set a 25-second time-out value for RFC931 user name lookup:
    rfc931_timeout 25
To disable the RFC931 user name lookup:
    rfc931_timeout 0
To make tcpd allow a host on reverse lookup failure and process
that host as PARANOID in the ACLs:
    on_reverselookup_fail allow
To set the extended logging option:
    log_level extended
AUTHOR
tcpd.conf was developed by Hewlett-Packard.
SEE ALSO
inetd(1M), tcpd(1M).