TCP Wrapper
Xinetd is a daemon that listens on specific ports (for example telnet on 23 and ftp on 21). When it receives a packet, it launches the appropriate program to handle the connection.
It does the same work as inetd, but with more security, such as TCP Wrapper.
TCP Wrapper provides TCP/IP security by using access control lists (ACLs). It works with Xinetd to secure services such as telnet, ftp, and even SSH.
When you connect to telnet (in.telnetd), Xinetd asks TCP Wrapper whether the connection is allowed.
1- hosts.allow and hosts.deny files.
2- tcpdmatch: a program that explains how TCP Wrapper would handle a specific request.
3- tcpdchk: the TCP Wrapper configuration checker program.
When I connect to the telnet server (in.telnetd), TCP Wrapper does the following:
1- Parses hosts.allow for rules that apply to the telnet service. If it finds a match, it allows the connection; otherwise it moves to step 2.
2- Parses hosts.deny for rules that apply to the telnet service. If it finds a match, it denies the connection.
3- If nothing matches in hosts.allow or hosts.deny, it grants access.
To allow a host access, add a rule to hosts.allow. For example, to allow 192.168.0.150 to access my telnet server:
Edit hosts.allow:
nano /etc/hosts.allow
Add a rule allowing 192.168.0.150 to access in.telnetd:
in.telnetd : 192.168.0.150
To deny a host access to my telnet server, add a rule to hosts.deny. For example, to deny 192.168.0.160 access to my telnet server:
Edit hosts.deny:
nano /etc/hosts.deny
Add a rule denying 192.168.0.160 access to in.telnetd:
in.telnetd : 192.168.0.160
Note 1: To add more than one address, separate the addresses with spaces:
in.telnetd : 192.168.0.160 192.168.0.161 192.168.0.162
Note 2: There is no need to restart or reload any daemons after editing hosts.allow or hosts.deny.
Note 3: To allow a whole network to access the service, use:
in.telnetd : 192.168.0.
or
in.telnetd : 192.168.0.0/255.255.255.0
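The lookup order above (hosts.allow, then hosts.deny, then grant) can be modelled in a few lines. This is an added example, not code from TCP Wrapper itself: a simplified evaluator that handles only the rule forms shown on this page (single address, space-separated addresses, a trailing-dot prefix, and net/mask). The rule files and the function names parse, client_matches and decide are constructed for illustration.

```python
import ipaddress

# Constructed sample rule files, using only the rule forms shown on this page.
HOSTS_ALLOW = """\
in.telnetd : 192.168.0.150
in.ftpd : 192.168.0.
"""
HOSTS_DENY = """\
in.telnetd : 192.168.0.160 192.168.0.161 10.0.0.0/255.0.0.0
"""

def parse(text):
    """Return [(daemon, [client patterns])] from 'daemon : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue  # skip comments and blank or malformed lines
        daemon, clients = line.split(":", 1)
        rules.append((daemon.strip(), clients.split()))
    return rules

def client_matches(pattern, addr):
    """Match one client pattern: exact IP, 'a.b.c.' prefix, or net/mask."""
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    if pattern.endswith("."):
        return addr.startswith(pattern)
    return pattern == addr

def decide(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Apply the lookup order: hosts.allow first, then hosts.deny, else grant."""
    for verdict, text in (("allow (hosts.allow)", allow),
                          ("deny (hosts.deny)", deny)):
        for rule_daemon, patterns in parse(text):
            if rule_daemon == daemon and any(
                    client_matches(p, addr) for p in patterns):
                return verdict
    return "allow (no rule matched)"

if __name__ == "__main__":
    for ip in ("192.168.0.150", "192.168.0.160", "10.1.2.3", "172.16.0.9"):
        print("in.telnetd", ip, "->", decide("in.telnetd", ip))
```

The last address in the demo appears in neither file, so it is granted access, which is step 3 of the lookup order.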