hosts.allow(4) CLIX hosts.allow(4)
NAME
hosts.allow, hosts.deny - Host access control files
DESCRIPTION
The /etc/hosts.allow file contains a list of local network services and
the remote clients who will be granted access to the specified service
daemons.
The /etc/hosts.deny file contains a list of local network services and the
remote clients who will be denied access to the specified service daemons.
After the log utility is started, whenever a remote connection request for
connection to any network service listed in the /etc/inetd.conf file is
received, the tcpd server reads /etc/hosts.allow and /etc/hosts.deny to
determine access permissions.
The format of the files is as follows:
daemon_list : client_list
The daemon_list parameter can be one or more of the network services
listed in the /etc/inetd.conf file.
The client_list parameter is a list of one or more of the following:
- Hostname
- Internet address
- Domain name
- Netgroup name
- Internet network number
Domain names should begin with a dot (.). Internet network numbers (as
opposed to Internet host numbers) should end with a dot. Netgroup names
must begin with the at symbol (@).
List elements should be separated by blanks or commas. With the
exception of netgroup lookups, all access control parameters are case
sensitive.
Access will be granted if a daemon/client pair is matched with an entry in
the /etc/hosts.allow file.
If there is no match in the /etc/hosts.allow file (or if the
/etc/hosts.allow file does not exist), the /etc/hosts.deny file is
checked. Access will be denied if a daemon/client pair is matched with an
entry in the /etc/hosts.deny file.
If there is a match in both files, then the /etc/hosts.allow file takes
precedence.
If no access control files exist, access control is turned off and all
requests are allowed.
The tokens ALL and LOCAL can also be used. If ALL is specified for the
daemon_list then access is granted/denied for all network daemon
processes. If ALL is specified for the client_list, then all clients are
granted/denied access. If LOCAL is specified for the client_list then any
client string that does not contain a dot (.) is granted/denied access.
EXAMPLES
1. This example restricts all services to hosts within the local domain
(hostnames that do not contain a dot), in the "b35.psh.com" domain,
and below the ".abc.com" domain. The /etc/hosts.allow file would
appear as follows:
ALL : LOCAL, b35.psh.com, .abc.com
The /etc/hosts.deny file would appear as follows:
ALL : ALL
2. This example allows access to all services for hosts within the
"netdev" netgroup. The /etc/hosts.allow file would appear as follows:
ALL : @netdev
The /etc/hosts.deny file would appear as follows:
ALL : ALL
3. This example denies all services, except ftp, to all clients. The
/etc/hosts.allow file would appear as follows:
ftpd : ALL
The /etc/hosts.deny file would appear as follows:
ALL : ALL
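The following Python program is an added example, not CLIX or tcpd code, that simulates the access decision described in DESCRIPTION and runs it against the three EXAMPLES above. It also honours the NOTES below: comment lines beginning with a number sign are skipped, and a file with a syntax error is ignored as a whole. Assumptions not stated on the page: a "syntax error" is taken to be a non-comment line without exactly one colon or with an empty daemon_list or client_list; the NIS netgroup is emulated with an in-memory dictionary; a pattern without a leading or trailing dot is compared literally with the client's hostname or address; the tcp_log file is stood in for by a Python list; all hostnames and addresses used are constructed.

```python
"""Simulated tcpd hosts.allow / hosts.deny decision (added example, not CLIX code)."""

# Constructed stand-in for NIS netgroup membership (hypothetical hosts).
NETGROUPS = {"netdev": {"build1.psh.com", "build2.psh.com"}}


class RuleSyntaxError(Exception):
    """Raised for a line that is not 'daemon_list : client_list' (assumed definition)."""


def parse_rules(text):
    """Return [(daemon_list, client_list)] for one file; raise on the first syntax error."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # NOTES: '#' lines are comments
            continue
        if line.count(":") != 1:
            raise RuleSyntaxError("line %d: expected 'daemon_list : client_list'" % lineno)
        daemons, clients = (part.strip() for part in line.split(":"))
        daemon_list = daemons.replace(",", " ").split()   # blanks or commas separate
        client_list = clients.replace(",", " ").split()
        if not daemon_list or not client_list:
            raise RuleSyntaxError("line %d: empty daemon_list or client_list" % lineno)
        rules.append((daemon_list, client_list))
    return rules


def load_rules(text, log):
    """Rules for a file; [] when the file is absent (None) or ignored for a syntax error."""
    if text is None:
        return []
    try:
        return parse_rules(text)
    except RuleSyntaxError as err:
        log.append(str(err))   # stands in for /usr/adm/tcp_log; whole file is then ignored
        return []


def daemon_matches(pattern, daemon):
    return pattern == "ALL" or pattern == daemon   # case sensitive


def client_matches(pattern, hostname, address):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return "." not in hostname                 # client string without a dot
    if pattern.startswith("@"):
        # Netgroup lookup: the one comparison the page says is not case sensitive.
        members = NETGROUPS.get(pattern[1:].lower(), set())
        return hostname.lower() in {m.lower() for m in members}
    if pattern.startswith("."):
        return hostname.endswith(pattern)          # domain name: host below the domain
    if pattern.endswith("."):
        return address.startswith(pattern)         # network number: address prefix
    return pattern == hostname or pattern == address   # assumed: literal host/address match


def any_match(rules, daemon, hostname, address):
    return any(
        any(daemon_matches(d, daemon) for d in daemon_list)
        and any(client_matches(c, hostname, address) for c in client_list)
        for daemon_list, client_list in rules
    )


def access_allowed(allow_text, deny_text, daemon, hostname, address, log=None):
    """Decide one daemon/client pair. None for a file text means the file does not exist."""
    log = [] if log is None else log
    if allow_text is None and deny_text is None:
        return True                                # no files: access control is off
    if any_match(load_rules(allow_text, log), daemon, hostname, address):
        return True                                # hosts.allow match takes precedence
    if any_match(load_rules(deny_text, log), daemon, hostname, address):
        return False                               # hosts.deny match
    return True                                    # no match in either file


# The three file contents from the EXAMPLES section.
EXAMPLE1_ALLOW = "ALL : LOCAL, b35.psh.com, .abc.com\n"
EXAMPLE2_ALLOW = "ALL : @netdev\n"
EXAMPLE3_ALLOW = "ftpd : ALL\n"
DENY_ALL = "ALL : ALL\n"

if __name__ == "__main__":
    for allow, who in ((EXAMPLE1_ALLOW, "host.abc.com"), (EXAMPLE3_ALLOW, "host.xyz.com")):
        for daemon in ("ftpd", "telnetd"):
            print(daemon, who, access_allowed(allow, DENY_ALL, daemon, who, "10.1.2.3"))
```

Because every decision is a return value, the same functions can be used to test a proposed pair of files against a list of expected clients before the files are installed; a syntax error shows up as a message in the log list and, as the NOTES state, the offending file then contributes no rules at all, which with an "ALL : ALL" deny file means every request is refused.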
NOTES
Netgroups are supported on systems running NIS.
If the TCP/IP logging service finds a syntax error in the /etc/hosts.allow
or /etc/hosts.deny file, the error is logged to the /usr/adm/tcp_log file.
A file with a syntax error is ignored by tcpd when determining access
permissions.
Lines in the file that begin with a number sign (#) are treated as
comments and are ignored.
RELATED INFORMATION
Commands: tcpd(8), log(8)
Files: inetd.conf(4), tcp_log(4)
2/94 - Intergraph Corporation 3