Red Hat Bugzilla – Bug 83846
RFE: prefer TCP wrapper for denying access
Last modified: 2007-04-18 12:50:56 EDT
Red Hat Linux Reference Guide 8.0.93
Page 112f (126.96.36.199. Access Control Options)
Add a note that it's almost always better to not use control options
in xinetd but rely on hosts.(allow|deny) instead.
In hosts.deny you can block everything with ALL: ALL and then allow
the required services in hosts.allow.
If you use only_from or no_access in the xinetd configuration files, you
miss those programs that are not started using xinetd but are also using
TCP wrappers. Mixing both is obviousely a bad idea, so use
There is talk of changing TCP wrappers infrastructure, so I did not "go there."
I will leave this as an RFE for next round.
I have added this information to the most recent version.
This chapter will be on the Docs Beta CD and in the final product.