Brief introduction:
TCP wrappers is a host-based ACL system used to filter access to network services provided by Linux systems. It provides filtering capabilities to daemon processes through libwrap.
Workflow of TCP wrappers:
1. Read the /etc/hosts.allow file; if the request matches a policy, allow it; otherwise proceed to the next step.
2. Read the /etc/hosts.deny file; if the request matches a policy, refuse it.
Example: only access from 192.168.0.100/24 is allowed.
# cat /etc/hosts.allow
sshd:192.168.0.0/255.255.255.0
# cat /etc/hosts.deny
sshd:ALL
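The lookup order above, modelled as an added example (not code from the original page or from libwrap). It is a simplified Python model covering only the ALL wildcard, literal IPv4 addresses and net/mask patterns; the function names are hypothetical. It also shows two behaviours from hosts_access(5): a request that matches neither file is allowed, and a net/mask rule matches only when the net part equals the client address ANDed with the mask, so a net with host bits set (192.168.0.100 with mask 255.255.255.0) matches no client.

```python
import ipaddress

def client_matches(pattern, client_ip):
    """Match one client pattern: ALL, net/mask, or a literal IPv4 address."""
    if pattern.upper() == "ALL":
        return True
    if "/" in pattern:
        net_tok, mask_tok = pattern.split("/", 1)
        addr = int(ipaddress.IPv4Address(client_ip))
        net = int(ipaddress.IPv4Address(net_tok))
        mask = int(ipaddress.IPv4Address(mask_tok))
        # hosts_access(5): matched if net equals (address AND mask)
        return (addr & mask) == net
    return pattern == client_ip

def file_matches(rules, daemon, client_ip):
    """True if any 'daemon_list : client_list' line matches the request."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        daemon_ok = any(d.upper() == "ALL" or d.lower() == daemon.lower()
                        for d in daemons)
        if daemon_ok and any(client_matches(c, client_ip) for c in clients):
            return True
    return False

def access_allowed(allow_rules, deny_rules, daemon, client_ip):
    if file_matches(allow_rules, daemon, client_ip):
        return True            # step 1: hosts.allow match grants access
    if file_matches(deny_rules, daemon, client_ip):
        return False           # step 2: hosts.deny match refuses access
    return True                # no match in either file: access is granted

# Constructed sample rules (not taken from a real host)
DENY = "sshd: ALL"
SUBNET = "sshd: 192.168.0.0/255.255.255.0"       # net is the network address
HOST_BITS = "sshd: 192.168.0.100/255.255.255.0"  # net has host bits set

if __name__ == "__main__":
    for allow in (SUBNET, HOST_BITS):
        for ip in ("192.168.0.100", "192.168.0.57", "10.0.0.5"):
            print(allow, ip, access_allowed(allow, DENY, "sshd", ip))
```

With the host-bits rule in hosts.allow and `sshd: ALL` in hosts.deny, every client is refused, including 192.168.0.100 itself, so test a new rule from a second session before closing the one you are logged in on.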
Using TCP wrappers to enhance SSHD security