tcpdmatch - tcp wrapper oracle
tcpdmatch [-d] [-i inet_conf] daemon client
tcpdmatch [-d] [-i inet_conf] daemon [@server] [user@]
client
tcpdmatch predicts how the tcp wrapper would handle a specific request
for service. Examples are given below.
The program examines the tcpd(8) access control tables (default
/etc/hosts.allow and /etc/hosts.deny) and prints its conclusion. For
maximal accuracy, it extracts additional information from
your inetd(8)
network configuration file.
When tcpdmatch finds a match in the access control tables,
it identifies
the matched rule. In addition, it displays the optional
shell commands
or options in a pretty-printed format; this makes it easier
for you to
spot any discrepancies between what you want and what the
program understands.
The options are as follows:
-d Examine hosts.allow and hosts.deny files in the current directory
instead of the default ones.
-i inet_conf
Specify this option when tcpdmatch is unable to find
your
inetd.conf network configuration file, or when you
wish to test
with a non-default one.
The following two arguments are always required:
daemon A daemon process name. Typically, the last component of a daemon
executable pathname.
client A host name or network address, or one of the ``unknown'' or
``paranoid'' wildcard patterns.
When a client host name is specified, tcpdmatch gives a prediction for
each address listed for that client.
When a client address is specified, tcpdmatch predicts what
tcpd(8) would
do when client name lookup fails.
Optional information specified with the daemon@server form:
server A host name or network address, or one of the ``unknown'' or
``paranoid'' wildcard patterns. The default server
name is
``unknown''.
Optional information specified with the user@client form:
user A client user identifier. Typically, a login name
or a numeric
user ID. The default user name is ``unknown''.
The default locations of the tcpd(8) access control tables
are:
/etc/hosts.allow access control table (allow list)
/etc/hosts.deny access control table (deny list)
To predict how tcpd(8) would handle a telnet request from
the local system:
$ tcpdmatch telnetd localhost
The same request, pretending that hostname lookup failed:
$ tcpdmatch telnetd 127.0.0.1
To predict what tcpd(8) would do when the client name does
not match the
client address:
$ tcpdmatch telnetd paranoid
hosts_access(5), hosts_options(5), inetd.conf(5), tcpdchk(8)
Wietse Venema ([email protected]),
Department of Mathematics and Computing Science,
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
OpenBSD 3.6 June 23, 1997
[ Back ] | 